Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,855
Erlang
36
GitHub Actions
35
Go
2,481
Maven
5,000+
npm
4,102
NuGet
734
pip
3,915
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,728 advisories

Loading
Apache Linkis subject to Remote Code Execution via deserialization High
CVE-2022-39944 was published for org.apache.linkis:linkis (Maven) Oct 26, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload Critical
CVE-2022-41711 was published for badaso/core (Composer) Oct 26, 2022
HyperDown vulnerable to Cross-site Scripting Moderate
CVE-2022-25849 was published for joyqi/hyper-down (Composer) Oct 26, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering Critical
CVE-2022-29822 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize contains improper input validation leading to SQL injection Critical
CVE-2022-2422 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne kurt-r2c
Inefficient Regular Expression Complexity in shescape High
CVE-2022-25918 was published for shescape (npm) Oct 25, 2022
mowzk
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm) Moderate
CVE-2022-39354 was published for evm (Rust) Oct 25, 2022
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability Critical
CVE-2022-39345 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) Oct 25, 2022
0xngs
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
matrix-sdk 0.6.0 logs access tokens Moderate
GHSA-fc4h-xcf3-qj5f was published for matrix-sdk (Rust) Oct 25, 2022
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details Moderate
CVE-2022-39350 was published for @dependencytrack/frontend (npm) Oct 25, 2022
Waterstraal
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
Docker Command Escaping in the GitHub Actions Runner High
CVE-2022-39321 was published for actions/runner (GitHub Actions) Oct 25, 2022
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Untrusted code execution in Apache XML Graphics Batik High
CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Apache Geode vulnerable to Cross-Site Scripting Moderate
CVE-2022-34870 was published for org.apache.geode:geode-core (Maven) Oct 25, 2022
Plaintext storage of tokens in pulp_ansible Moderate
CVE-2022-3644 was published for pulp-ansible (pip) Oct 25, 2022
.NET Core Elevation of Privilege Vulnerability High
CVE-2021-26423 was published for Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 (NuGet) Oct 25, 2022
free5GC vulnerable to malformed NGAP message crashing the AMF and NGAP decoders Moderate
CVE-2022-43677 was published for github.com/free5gc/free5gc (Go) Oct 24, 2022
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf Critical
CVE-2021-46849 was published for pikepdf (pip) Oct 24, 2022 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database