GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 866; Go 466; Maven 1,241; npm 2,427; NuGet 177; pip 1,068; RubyGems 468; Rust 402.
Unreviewed advisories: All unreviewed 5,000+.
7,079 advisories
Title | Severity | Identifier | Package (ecosystem) | Published
Local Information Disclosure Vulnerability in io.netty:netty-codec-http | Moderate | CVE-2022-24823 | io.netty:netty-codec-http (Maven) | May 10, 2022
Improper handling of multiline messages in node-irc | High | GHSA-52rh-5rpj-c3w6 | matrix-org-irc (npm) | May 5, 2022
Tenant and Verifier might not use the same registrar data | Moderate | CVE-2022-1053 | keylime (pip) | May 5, 2022
Microweber vulnerable to cross-site scripting (XSS) | High | CVE-2022-1555 | microweber/microweber (Composer) | May 5, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter | High | CVE-2022-24901 | parse-server (npm) | May 4, 2022
Improper path handling in kustomization files allows path traversal | Critical | CVE-2022-24877 | github.com/fluxcd/flux2 (Go) | May 4, 2022
tkvideo has a memory issue in playing videos | High | CVE-2022-24902 | tkvideoplayer (pip) | May 3, 2022
Improper neutralization of formula elements in yii-helpers | High | CVE-2022-1544 | luyadev/yii-helpers (Composer) | May 3, 2022
Denial of service vulnerability exists in libxmljs | High | CVE-2022-21144 | libxmljs (npm) | May 3, 2022
materialize-css vulnerable to cross-site scripting (XSS) due to improper escape of user input | Moderate | CVE-2022-25349 | materialize-css (npm) | May 3, 2022
angular vulnerable to regular expression denial of service (ReDoS) | Moderate | CVE-2022-25844 | angular (npm) | May 3, 2022
ProxyScotch is vulnerable to server-side request forgery (SSRF) | High | CVE-2022-25850 | github.com/hoppscotch/proxyscotch (Go) | May 3, 2022
snipe-IT vulnerable to host header injection | High | CVE-2022-23064 | snipe/snipe-it (Composer) | May 3, 2022
sinatra does not validate expanded path matches | High | CVE-2022-29970 | sinatra (RubyGems) | May 3, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher | Moderate | CVE-2021-36784 | github.com/rancher/rancher (Go) | May 2, 2022
Exposure of repository credentials to external third-party sources in Rancher | High | CVE-2021-36778 | github.com/rancher/rancher (Go) | May 2, 2022
Write access to the Catalog for any user when restricted-admin role is enabled in Rancher | High | CVE-2021-4200 | github.com/rancher/rancher (Go) | May 2, 2022
An attacker can execute malicious JavaScript in Live Helper Chat | Low | CVE-2022-1530 | remdex/livehelperchat (Composer) | Apr 30, 2022
Cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS | Moderate | CVE-2021-41948 | intelliants/subrion (Composer) | Apr 30, 2022
Podman publishes a malicious image to public registries | High | CVE-2022-1227 | github.com/containers/podman (Go) | Apr 30, 2022
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload | Moderate | CVE-2022-25854 | @yaireo/tagify (npm) | Apr 30, 2022
Woodpecker allows cross-site scripting (XSS) via build logs | Moderate | CVE-2022-29947 | github.com/woodpecker-ci/woodpecker (Go) | Apr 30, 2022
Object state limitation has no effect | Critical | GHSA-w8qp-hmh5-4v9v | ezsystems/ezplatform-kernel (Composer) | Apr 29, 2022
Object state limitation has no effect | Critical | GHSA-gvj8-4cj4-h776 | ibexa/core (Composer) | Apr 29, 2022
Object state limitation has no effect | Critical | GHSA-5x4f-7xgq-r42x | ezsystems/ezpublish-kernel (Composer) | Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API.