Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
1,163
Erlang
19
GitHub Actions
6
Go
676
Maven
2,584
npm
2,760
NuGet
248
pip
1,464
Pub
3
RubyGems
524
Rust
544
Unreviewed advisories
All unreviewed
5,000+

9,930 advisories

Package discontinued because Bitly lowered the free quota Low
GHSA-ggrh-grj3-vfvw was published for bitlyshortener (pip) Nov 28, 2022
baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability Moderate
CVE-2022-39325 was published for baserproject/basercms (Composer) Nov 28, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
ghost vulnerable to unauthorized newsletter modification via improper access controls High
CVE-2022-41654 was published for ghost (npm) Nov 28, 2022
decode-uri-component vulnerable to Denial of Service (DoS) Low
CVE-2022-38900 was published for decode-uri-component (npm) Nov 28, 2022
Heap buffer overflow in GPU Critical
CVE-2022-4135 was published for electron (npm) Nov 25, 2022
rajivshah3
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh
Password exposure in H2 Database Moderate
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
Command injection in Apache DolphinScheduler Alert Plugins Critical
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42095 was published for backdrop/backdrop (Composer) Nov 23, 2022
Code injection in quarkus dev ui config editor Critical
CVE-2022-4116 was published for io.quarkus:quarkus-parent (Maven) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42094 was published for backdrop/backdrop (Composer) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42097 was published for backdrop/backdrop (Composer) Nov 22, 2022
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow (pip) Nov 22, 2022
ProTip! Advisories are also available from the GraphQL API