
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,675 advisories

fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli Moderate
CVE-2022-31153 was published for openzeppelin-cairo-contracts (pip) Jul 15, 2022
Hudson XML API susceptible to External Entity Injection Vulnerability prior to v3.3.2 Critical
CVE-2015-8031 was published for org.jvnet.hudson.main:hudson-core (Maven) Jul 15, 2022
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
Whoogle Search Cross-site Scripting via string parameter Moderate
CVE-2022-25303 was published for whoogle-search (pip) Jul 15, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
sbenhai tdunlap607
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields Critical
CVE-2022-32214 was published for llhttp (npm) Jul 15, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding Critical
CVE-2022-32213 was published for llhttp (npm) Jul 15, 2022
Mattermost users could access some sensitive information via API call Moderate
CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) Jul 15, 2022
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking High
CVE-2022-31781 was published for org.apache.tapestry:tapestry-core (Maven) Jul 14, 2022
Codecov does not sanitize gcov arguments High
CVE-2019-10800 was published for codecov (pip) Jul 14, 2022
vm2 before 3.6.11 vulnerable to sandbox escape High
CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022
Strapi 4.1.12 Cross-site Scripting via crafted file Moderate
CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module Moderate
CVE-2022-32065 was published for com.ruoyi:ruoyi (Maven) Jul 14, 2022
October CMS upload process vulnerable to RCE via Race Condition High
CVE-2022-24800 was published for october/system (Composer) Jul 13, 2022
Ganga allows absolute path traversal Critical
CVE-2022-31507 was published for ganga (pip) Jul 13, 2022
Svelte vulnerable to XSS when using objects during server-side rendering Moderate
CVE-2022-25875 was published for svelte (npm) Jul 13, 2022
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 High
CVE-2022-2385 was published for sigs.k8s.io/aws-iam-authenticator (Go) Jul 13, 2022
tdunlap607
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
Cross site scripting in ameos_tarteaucitron Moderate
CVE-2022-33155 was published for ameos/ameos_tarteaucitron (Composer) Jul 13, 2022
Rudloff
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
libconnect Extension for Typo3 Vulnerable to XSS Moderate
CVE-2022-33157 was published for subhh/libconnect (Composer) Jul 13, 2022
UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance() Moderate
CVE-2022-31139 was published for io.github.karlatemp:unsafe-accessor (Maven) Jul 12, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022