Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
866
Go
466
Maven
1,241
npm
2,427
NuGet
177
pip
1,068
RubyGems
468
Rust
402
Unreviewed advisories
All unreviewed
5,000+

7,079 advisories

Local Information Disclosure Vulnerability in io.netty:netty-codec-http Moderate
CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022
JLLeitschuh
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
Tenant and Verifier might not use the same registrar data Moderate
CVE-2022-1053 was published for keylime (pip) May 5, 2022
THS-on
Microweber vulnerable to cross-site scripting (XSS) High
CVE-2022-1555 was published for microweber/microweber (Composer) May 5, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
Improper path handling in kustomization files allows path traversal Critical
CVE-2022-24877 was published for github.com/fluxcd/flux2 (Go) May 4, 2022
hiddeco kurt-r2c
tkvideo has a memory issue in playing videos High
CVE-2022-24902 was published for tkvideoplayer (pip) May 3, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
Denial of service vulnerability exists in libxmljs High
CVE-2022-21144 was published for libxmljs (npm) May 3, 2022
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input Moderate
CVE-2022-25349 was published for materialize-css (npm) May 3, 2022
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Write access to the Catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
An attacker can execute malicious javascript in Live Helper Chat Low
CVE-2022-1530 was published for remdex/livehelperchat (Composer) Apr 30, 2022
Cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS Moderate
CVE-2021-41948 was published for intelliants/subrion (Composer) Apr 30, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman (Go) Apr 30, 2022
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload Moderate
CVE-2022-25854 was published for @yaireo/tagify (npm) Apr 30, 2022
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-gvj8-4cj4-h776 was published for ibexa/core (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API