Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

423 advisories

Loading
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow Critical
GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
Malware in ctx Critical
GHSA-4g82-3jcr-q52w was published for ctx (pip) May 25, 2022
Embedded Malicious Code in ctx Critical
GHSA-67r3-h899-9w95 was published for ctx (pip) Jun 2, 2022
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
Remote unauthenticated attackers able to upload files in Onionshare Critical
CVE-2021-41868 was published for onionshare-cli (pip) Nov 19, 2021
Backdoor in api-res-py Critical
CVE-2022-31313 was published for api-res-py (pip) Jun 9, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely Critical
CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function Critical
CVE-2022-31573 was published for chainerrl-visualizer (pip) Jul 12, 2022
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10 Critical
CVE-2019-10844 was published for nnabla (pip) May 13, 2022
westonsteimel
Apache Airflow Hive Provider vulnerable to Command Injection Critical
CVE-2022-46421 was published for apache-airflow-providers-apache-hive (pip) Dec 20, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case Critical
CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
westonsteimel
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
exotel-py 0.1.6 includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
Command Injection in Apache Airflow and Apache Airflow MySQL Provider Critical
CVE-2023-22884 was published for apache-airflow (pip) Jan 21, 2023
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
PaddlePaddle Out-of-bounds Read vulnerability Critical
CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022
SQL injection in calibreweb Critical
CVE-2022-30765 was published for calibreweb (pip) May 17, 2022
Cobbler has Exposed Dangerous Method or Function Critical
CVE-2018-10931 was published for cobbler (pip) May 13, 2022
Excessive Attack Surface in pyload-ng Critical
CVE-2023-0435 was published for pyload-ng (pip) Jan 23, 2023
OS Command Injection in jw.util Critical
CVE-2020-13388 was published for jw.util (pip) Jun 2, 2021
Apache Airflow Google Provider Improper Input Validation vulnerability Critical
CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
ProTip! Advisories are also available from the GraphQL API