
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,614 advisories

Path Traversal in Beego Critical
CVE-2022-31836 was published for github.com/beego/beego (Go) Jul 6, 2022
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method High
CVE-2022-31147 was published for jquery-validation (npm) Jul 5, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022
Incorrect handling of invalid surrogate pair characters High
CVE-2022-31116 was published for ujson (pip) Jul 5, 2022
Potential double free of buffer during string decoding Moderate
CVE-2022-31117 was published for ujson (pip) Jul 5, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization High
CVE-2022-31115 was published for opensearch-ruby (RubyGems) Jul 5, 2022
Possible injection of arbitrary `CSS` into the generated graph, affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-2300 was published for microweber/microweber (Composer) Jul 5, 2022
SQL injection in typeORM Critical
CVE-2022-33171 was published for typeorm (npm) Jul 5, 2022
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection Critical
CVE-2022-34265 was published for Django (pip) Jul 5, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-2280 was published for microweber/microweber (Composer) Jul 2, 2022
openssl-src heap memory corruption with RSA private key operation Critical
CVE-2022-2274 was published for openssl-src (Rust) Jul 2, 2022
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
Server-Side Request Forgery in link-preview-js Moderate
CVE-2022-25876 was published for link-preview-js (npm) Jul 2, 2022
Unrestricted Upload of File with Dangerous Type in MCMS Critical
CVE-2022-31943 was published for net.mingsoft:ms-mcms (Maven) Jul 2, 2022
Passport vulnerable to session regeneration when a user logs in or out Moderate
CVE-2022-25896 was published for passport (npm) Jul 2, 2022
Regular expression denial of service in scss-tokenizer High
CVE-2022-25758 was published for scss-tokenizer (npm) Jul 2, 2022
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data Moderate
CVE-2013-4170 was published for ember-source (RubyGems) Jul 1, 2022
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability Moderate
CVE-2022-34803 was published for org.jenkins-ci.plugins:opsgenie (Maven) Jul 1, 2022
Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability Moderate
CVE-2022-34813 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
Token stored in plain text by Jenkins Cisco Spark Plugin Low
CVE-2022-34808 was published for org.jenkins-ci.plugins:cisco-spark (Maven) Jul 1, 2022
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34815 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34812 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022