GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Chrono has potential segfault issue in SPIFFE authenticator
Low
GHSA-45w3-v3g4-54pm
was published
for
parsec-service
(Rust)
Feb 11, 2022
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Moderate
CVE-2020-8569
was published
for
github.com/kubernetes-csi/external-snapshotter/v2
(Go)
Feb 15, 2022
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Critical
GHSA-h6gw-r52c-724r
was published
for
tensorflow
(pip)
Feb 9, 2022
Missing validation results in undefined behavior in `SparseTensorDenseAdd
Moderate
CVE-2022-29206
was published
for
tensorflow
(pip)
May 24, 2022
NULL Pointer Dereference in HyperLedger Fabric
High
CVE-2021-43667
was published
for
github.com/hyperledger/fabric
(Go)
May 25, 2022
Segfault due to missing support for quantized types
Moderate
CVE-2022-29205
was published
for
tensorflow
(pip)
May 24, 2022
Missing validation results in undefined behavior in `QuantizedConv2D`
Moderate
CVE-2022-29201
was published
for
tensorflow
(pip)
May 24, 2022
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Moderate
CVE-2022-31077
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
CloudCore UDS Server: Malicious Message can crash CloudCore
Moderate
CVE-2022-31076
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
Moderate
CVE-2022-36013
was published
for
tensorflow
(pip)
Sep 16, 2022
TensorFlow vulnerable to null dereference on MLIR on empty function attributes
Moderate
CVE-2022-36011
was published
for
tensorflow
(pip)
Sep 16, 2022
TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
Moderate
CVE-2022-36014
was published
for
tensorflow
(pip)
Sep 16, 2022
TensorFlow vulnerable to segfault in `LowerBound` and `UpperBound`
Moderate
CVE-2022-35965
was published
for
tensorflow
(pip)
Sep 16, 2022
TensorFlow vulnerable to null dereference on MLIR on empty function attributes
Moderate
CVE-2022-36000
was published
for
tensorflow
(pip)
Sep 16, 2022
Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference
High
CVE-2022-25867
was published
for
io.socket:socket.io-client
(Maven)
Aug 3, 2022
Segfault via invalid attributes in `pywrap_tfe_src.cc`
Moderate
CVE-2022-41889
was published
for
tensorflow
(pip)
Nov 21, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
High
CVE-2020-13934
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 8, 2022
NULL Pointer Dereference in OpenCV.
High
CVE-2019-14493
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Unchecked return value from xmlTextReaderExpand
High
CVE-2022-23476
was published
for
nokogiri
(RubyGems)
Dec 8, 2022
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
High
CVE-2022-39381
was published
for
hummus
(npm)
Nov 2, 2022
Nil dereference in NATS JWT, DoS of nats-server
High
CVE-2020-26521
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
ProTip!
Advisories are also available from the
GraphQL API