GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,323 advisories

ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Dolibarr CRM allows Privilege Escalation Moderate
CVE-2020-14201 was published for dolibarr/dolibarr (Composer) May 24, 2022
Wildfly Unsafe Deserialization Vulnerability High
CVE-2020-10740 was published for org.wildfly:wildfly-parent (Maven) May 24, 2022
containernetworking/plugins vulnerable to MitM attacks Moderate
CVE-2020-10749 was published for github.com/containernetworking/plugins (Go) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-1073 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0969 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Divante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf Moderate
CVE-2023-23931 was published for cryptography (pip) Feb 7, 2023
Wallabag user can delete own API client unintentionally Moderate
CVE-2023-4455 was published for wallabag/wallabag (Composer) Aug 21, 2023
DLL Injection in kerberos High
CVE-2020-13110 was published for kerberos (npm) Sep 4, 2020
jhutchings1
Duplicate Advisory: Kerberos for NodeJS allows DLL Injection High
GHSA-f478-xwv9-p93q was published for kerberos (npm) May 24, 2022 withdrawn
OpenNMS Horizon RCE via Unsafe Deserialization High
CVE-2020-12760 was published for org.opennms.core:org.opennms.core.daemon (Maven) May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection High
CVE-2020-12790 was published for nystudio107/craft-seomatic (Composer) May 24, 2022
WSO2 API Manager vulnerable to SSRF Critical
CVE-2020-13226 was published for org.wso2.am:am-parent (Maven) May 24, 2022
Microweber allows Unrestricted File Upload High
CVE-2020-13241 was published for microweber/microweber (Composer) May 24, 2022
Moodle vulnerable to RCE High
CVE-2020-10738 was published for moodle/moodle (Composer) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-1065 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2022-39396 was published for parse-server (npm) Nov 8, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks High
CVE-2022-41879 was published for parse-server (npm) Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers High
CVE-2022-41878 was published for parse-server (npm) Nov 9, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access Moderate
CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) May 24, 2022
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
ovirt-engine Logs Plaintext Passwords To File Moderate
CVE-2017-15113 was published for org.ovirt.engine.sdk:ovirt-engine-sdk-java (Maven) May 13, 2022 withdrawn
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 aviyam181199
G-Rath