GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,079 advisories

Local Information Disclosure Vulnerability in io.netty:netty-codec-http Moderate
CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022
JLLeitschuh
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
Tenant and Verifier might not use the same registrar data Moderate
CVE-2022-1053 was published for keylime (pip) May 5, 2022
THS-on
Microweber vulnerable to cross-site scripting (XSS) High
CVE-2022-1555 was published for microweber/microweber (Composer) May 5, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
Improper path handling in kustomization files allows path traversal Critical
CVE-2022-24877 was published for github.com/fluxcd/flux2 (Go) May 4, 2022
hiddeco kurt-r2c
tkvideo has a memory issue in playing videos High
CVE-2022-24902 was published for tkvideoplayer (pip) May 3, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
Denial of service vulnerability exists in libxmljs High
CVE-2022-21144 was published for libxmljs (npm) May 3, 2022
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input Moderate
CVE-2022-25349 was published for materialize-css (npm) May 3, 2022
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Write access to the Catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
An attacker can execute malicious javascript in Live Helper Chat Low
CVE-2022-1530 was published for remdex/livehelperchat (Composer) Apr 30, 2022
Cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS Moderate
CVE-2021-41948 was published for intelliants/subrion (Composer) Apr 30, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman (Go) Apr 30, 2022
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload Moderate
CVE-2022-25854 was published for @yaireo/tagify (npm) Apr 30, 2022
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-gvj8-4cj4-h776 was published for ibexa/core (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API