GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,922 advisories

TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh
Password exposure in H2 Database Moderate
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
Command injection in Apache DolphinScheduler Alert Plugins Moderate
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42095 was published for backdrop/backdrop (Composer) Nov 23, 2022
Code injection in quarkus dev ui config editor High
CVE-2022-4116 was published for io.quarkus:quarkus-parent (Maven) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42094 was published for backdrop/backdrop (Composer) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42097 was published for backdrop/backdrop (Composer) Nov 22, 2022
Account Takeover Through Password Reset Poisoning Moderate
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-41131 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
Remote code execution vulnerability in dependency System.Drawing.Common Moderate
GHSA-gpv5-rp6w-58r8 was published for Akka (NuGet) Nov 22, 2022
petrikero
Tensorflow vulnerable to Out-of-Bounds Read Moderate
CVE-2022-41880 was published for tensorflow (pip) Nov 22, 2022
Stored XSS in Compare Mode Moderate
CVE-2022-38145 was published for silverstripe/versioned-admin (Composer) Nov 22, 2022
Blind SQL Injection via GridFieldSortableHeader High
CVE-2022-38148 was published for silverstripe/framework (Composer) Nov 22, 2022
Reflected XSS in querystring parameters Moderate
CVE-2022-38462 was published for silverstripe/framework (Composer) Nov 21, 2022
Stored XSS using HTMLEditor Moderate
CVE-2022-37429 was published for silverstripe/framework (Composer) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API