Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,486
Maven
5,000+
npm
4,104
NuGet
735
pip
3,918
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,747 advisories

Loading
OctoRPKI crashes when max iterations is reached Moderate
CVE-2022-3616 was published for github.com/cloudflare/cfrpki (Go) Oct 31, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length High
CVE-2022-39294 was published for conduit-hyper (Rust) Oct 31, 2022
phpMyFAQ vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-3766 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
phpMyFAQ vulnerable to stored Cross-site Scripting Moderate
CVE-2022-3765 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions Moderate
CVE-2022-44020 was published for sushy-tools (pip) Oct 30, 2022
phpMyFAQ contains Weak Password Requirements Critical
CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37621 was published for browserify-shim (npm) Oct 29, 2022
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout Critical
CVE-2022-39365 was published for pimcore/pimcore (Composer) Oct 29, 2022
nth347
Keylime: unhandled exceptions could lead to invalid attestation states High
CVE-2022-3500 was published for Keylime (pip) Oct 28, 2022
galmasi
Ansible leaks password to logs High
CVE-2022-3697 was published for ansible (pip) Oct 28, 2022
LunaBorowska
Apache DolphinScheduler vulnerable to Path Traversal Moderate
CVE-2022-26884 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Oct 28, 2022
Hashicorp Boundary vulnerable to clickjacking Moderate
CVE-2022-36182 was published for github.com/hashicorp/boundary (Go) Oct 27, 2022
Prototype pollution in Snowboard framework High
CVE-2022-39357 was published for wintercms/winter (Composer) Oct 27, 2022
Cross-site Scripting in actionpack Low
CVE-2022-3704 was published for actionpack (RubyGems) Oct 27, 2022 withdrawn
rafaelfranca
Rdiffweb subject to Business Logic Errors Critical
CVE-2022-3363 was published for rdiffweb (pip) Oct 27, 2022
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Apache Linkis subject to Remote Code Execution via deserialization High
CVE-2022-39944 was published for org.apache.linkis:linkis (Maven) Oct 26, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload Critical
CVE-2022-41711 was published for badaso/core (Composer) Oct 26, 2022
HyperDown vulnerable to Cross-site Scripting Moderate
CVE-2022-25849 was published for joyqi/hyper-down (Composer) Oct 26, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering Critical
CVE-2022-29822 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize contains improper input validation leading to SQL injection Critical
CVE-2022-2422 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database