GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23,747 advisories
TablePress Plugin vulnerable to Cross-site Scripting
Moderate: CVE-2022-3788 was published for tobiasbg/tablepress (Composer), Nov 1, 2022

IBAX go-ibax vulnerable to SQL injection
High: CVE-2022-3800 was published for github.com/IBAX-io/go-ibax (Go), Nov 1, 2022

Apache DolphinScheduler vulnerable to Path Traversal
Moderate: CVE-2022-34662 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven), Nov 1, 2022

IBAX go-ibax vulnerable to SQL injection
High: CVE-2022-3798 was published for github.com/IBAX-io/go-ibax (Go), Nov 1, 2022

IBAX go-ibax vulnerable to SQL injection
High: CVE-2022-3801 was published for github.com/IBAX-io/go-ibax (Go), Nov 1, 2022

IBAX go-ibax vulnerable to SQL injection
High: CVE-2022-3802 was published for github.com/IBAX-io/go-ibax (Go), Nov 1, 2022

Apache Spark vulnerable to Log Injection
Moderate: CVE-2022-31777 was published for org.apache.spark:spark-core (Maven), Nov 1, 2022

IBAX go-ibax vulnerable to SQL injection
High: CVE-2022-3799 was published for github.com/IBAX-io/go-ibax (Go), Nov 1, 2022

phpCAS vulnerable to Service Hostname Discovery Exploitation
High: CVE-2022-39369 was published for apereo/phpcas (Composer), Nov 1, 2022

X.509 Email Address 4-byte Buffer Overflow
Critical: CVE-2022-3602 was published for openssl-src (Rust), Nov 1, 2022

X.509 Email Address Variable Length Buffer Overflow
High: CVE-2022-3786 was published for openssl-src (Rust), Nov 1, 2022

xmldom allows multiple root nodes in a DOM
Critical: CVE-2022-39353 was published for @xmldom/xmldom (npm), Nov 1, 2022

Spring Security authorization rules can be bypassed via forward or include dispatcher types
Critical: CVE-2022-31692 was published for org.springframework.security:spring-security-core (Maven), Nov 1, 2022

spring-security-oauth2-client vulnerable to Privilege Escalation
High: CVE-2022-31690 was published for org.springframework.security:spring-security-oauth2-client (Maven), Nov 1, 2022

node-red-dashboard vulnerable to Cross-site Scripting
Moderate: CVE-2022-3783 was published for node-red-dashboard (npm), Nov 1, 2022

muhammara and hummus vulnerable to denial of service by NULL pointer dereference
High: CVE-2022-25892 was published for hummus (npm), Nov 1, 2022

muhammara and hummus vulnerable to null pointer dereference on bad response object
High: CVE-2022-25885 was published for hummus (npm), Nov 1, 2022

Apache Tomcat may reject request containing invalid Content-Length header
High: CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Nov 1, 2022

acryl-datahub missing JWT signature check
Critical: CVE-2022-39366 was published for acryl-datahub (pip), Oct 31, 2022

ProcessWire vulnerable to Cross-site Scripting
Moderate: CVE-2022-40487 was published for processwire/processwire (Composer), Oct 31, 2022

ProcessWire vulnerable to Cross-Site Request Forgery
Moderate: CVE-2022-40488 was published for processwire/processwire (Composer), Oct 31, 2022

kangax html-minifier REDoS vulnerability
High: CVE-2022-37620 was published for html-minifier (npm), Oct 31, 2022

thlorenz browserify-shim vulnerable to prototype pollution
Critical: CVE-2022-37623 was published for browserify-shim (npm), Oct 31, 2022

Duplicate Advisory: Cross-Site Request Forgery in easyii CMS
High: CVE-2022-3772 was published for noumo/easyii (Composer), Oct 31, 2022 • withdrawn

easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical: CVE-2022-3771 was published for noumo/easyii (Composer), Oct 31, 2022

ProTip! Advisories are also available from the GraphQL API