Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,305 advisories

Loading
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs High
GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) Oct 27, 2020
Storage corruption due to variables overwritten by re-entrancy locks High
GHSA-7f92-rr6w-cq64 was published for vyper (pip) Aug 5, 2021
pandadefi charles-cooper
iamdefinitelyahuman
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Out-of-bounds Read in OpenCV High
CVE-2017-18009 was published for opencv-contrib-python (pip) Oct 12, 2021
Denial of Service in OpenCV High
CVE-2017-12602 was published for opencv-contrib-python (pip) Oct 12, 2021
Denial of Service in OpenCV High
CVE-2017-12600 was published for opencv-contrib-python (pip) Oct 12, 2021
Improper Validation of Integrity Check Value in TensorFlow High
GHSA-43q8-3fv7-pr5x was published for tensorflow (pip) Feb 9, 2022
Server crash if running Python 3.10 w/ Sanic 20.12 High
GHSA-7p79-6x2v-5h88 was published for sanic (pip) Feb 16, 2022
prryplatypus
Incorrect Comparison in Vyper High
GHSA-7vrm-3jc8-5wwm was published for vyper (pip) Apr 4, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Gaurav-G2
Insufficient HTML Sanitization High
GHSA-rm89-9g65-4ffr was published for inventree (pip) Jun 17, 2022
saharshtapi
SentinelOne impersonated via PyPI packages High
GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) Dec 27, 2022
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Cross Site Request Forgery in mailman High
CVE-2021-44227 was published for mailman (pip) Dec 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
Integer bounds error in Vyper High
CVE-2022-24845 was published for vyper (pip) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API