Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
1,161
Erlang
19
GitHub Actions
6
Go
676
Maven
2,582
npm
2,757
NuGet
247
pip
1,462
Pub
3
RubyGems
524
Rust
544
Unreviewed advisories
All unreviewed
5,000+

9,922 advisories

TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh
Password exposure in H2 Database Moderate
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
Command injection in Apache DolphinScheduler Alert Plugins Moderate
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42095 was published for backdrop/backdrop (Composer) Nov 23, 2022
Code injection in quarkus dev ui config editor High
CVE-2022-4116 was published for io.quarkus:quarkus-parent (Maven) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42094 was published for backdrop/backdrop (Composer) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42097 was published for backdrop/backdrop (Composer) Nov 22, 2022
Account Takeover Through Password Reset Poisoning Moderate
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-41131 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
Remote code execution vulnerability in dependency System.Drawing.Common Moderate
GHSA-gpv5-rp6w-58r8 was published for Akka (NuGet) Nov 22, 2022
petrikero
Tensorflow vulnerable to Out-of-Bounds Read Moderate
CVE-2022-41880 was published for tensorflow (pip) Nov 22, 2022
Stored XSS in Compare Mode Moderate
CVE-2022-38145 was published for silverstripe/versioned-admin (Composer) Nov 22, 2022
Blind SQL Injection via GridFieldSortableHeader High
CVE-2022-38148 was published for silverstripe/framework (Composer) Nov 22, 2022
Reflected XSS in querystring parameters Moderate
CVE-2022-38462 was published for silverstripe/framework (Composer) Nov 21, 2022
Stored XSS using HTMLEditor Moderate
CVE-2022-37429 was published for silverstripe/framework (Composer) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API