GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count per ecosystem)
All reviewed: 5,000+
Composer: 4,779
Erlang: 36
GitHub Actions: 29
Go: 2,338
Maven: 5,000+
npm: 3,973
NuGet: 715
pip: 3,769
Pub: 12
RubyGems: 923
Rust: 976
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

22,904 advisories
Rust-WebSocket memory allocation based on untrusted length [High]: CVE-2022-35922 was published for websocket (Rust), Aug 6, 2022.
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization [Critical]: CVE-2022-21186 was published for @acrontum/filesystem-template (npm), Aug 6, 2022.
Moodle XSS Vulnerability [Moderate]: CVE-2020-1691 was published for moodle/moodle (Composer), Aug 6, 2022.
administrate vulnerable to Cross-Site Request Forgery [Moderate]: CVE-2016-3098 was published for administrate (RubyGems), Aug 6, 2022.
Undertow vulnerable to DoS via Large AJP request [High]: CVE-2022-2053 was published for io.undertow:undertow-core (Maven), Aug 6, 2022.
Keycloak allows arbitrary JavaScript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled [High]: GHSA-q2gp-gph3-88x9 was published for org.keycloak:keycloak-saml-core (Maven), Aug 6, 2022 (withdrawn).
Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks [Moderate]: CVE-2022-37450 was published for github.com/ethereum/go-ethereum (Go), Aug 6, 2022.
Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp [Moderate]: CVE-2022-27166 was published for org.apache.jspwiki:jspwiki-main (Maven), Aug 5, 2022.
Apache JSPWiki CSRF due to crafted invocation on the Image plugin [High]: CVE-2022-34158 was published for org.apache.jspwiki:jspwiki-main (Maven), Aug 5, 2022.
Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369 [Moderate]: CVE-2022-28730 was published for org.apache.jspwiki:jspwiki-main (Maven), Aug 5, 2022.
Apache JSPWiki XSS due to crafted request in WeblogPlugin [Moderate]: CVE-2022-28732 was published for org.apache.jspwiki:jspwiki-main (Maven), Aug 5, 2022.
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp [Moderate]: CVE-2022-28731 was published for org.apache.jspwiki:jspwiki-main (Maven), Aug 5, 2022.
Apache Hadoop argument injection vulnerability [Critical]: CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven), Aug 5, 2022.
Raneto vulnerable to Cross-site Scripting [Moderate]: CVE-2022-35144 was published for raneto (npm), Aug 5, 2022.
Raneto Denial of Service via crafted payload injected into `Search` parameter [High]: CVE-2022-35142 was published for raneto (npm), Aug 5, 2022.
Raneto v0.17.0 employs weak password complexity requirements [Critical]: CVE-2022-35143 was published for raneto (npm), Aug 5, 2022.
OpenStack Nova Changing vnic_type breaks compute service restart [Low]: CVE-2022-37394 was published for nova (pip), Aug 4, 2022.
`libsqlite3-sys` via C SQLite improperly validates array index [High]: CVE-2022-35737 was published for libsqlite3-sys (Rust), Aug 4, 2022.
get-npm-package-version Command Injection vulnerability [Critical]: CVE-2020-7795 was published for get-npm-package-version (npm), Aug 3, 2022.
node-latex-pdf is susceptible to command injection [Critical]: CVE-2020-28433 was published for node-latex-pdf (npm), Aug 3, 2022.
curljs Command Injection vulnerability [Critical]: CVE-2020-28425 was published for curljs (npm), Aug 3, 2022.
image-tiler susceptible to command injection [Critical]: CVE-2020-28451 was published for image-tiler (npm), Aug 3, 2022.
gitblame susceptible to command injection [Critical]: CVE-2020-28434 was published for gitblame (npm), Aug 3, 2022.
heroku-env susceptible to command injection [Critical]: CVE-2020-28437 was published for heroku-env (npm), Aug 3, 2022.
Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference [High]: CVE-2022-25867 was published for io.socket:socket.io-client (Maven), Aug 3, 2022.
Advisories are also available from the GraphQL API.