GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,831
Erlang
36
GitHub Actions
33
Go
2,451
Maven
5,000+
npm
4,073
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+
23,526 advisories
Filter by severity
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40160
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40158
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40161
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40157
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40159
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
rdiffweb allows a new password to be the same as the previous password
Moderate
CVE-2022-3376
was published
for
rdiffweb
(pip)
Oct 6, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
Moodle Cross-Site Request Forgery (CSRF)
High
CVE-2022-2986
was published
for
moodle/moodle
(Composer)
Oct 6, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting
Moderate
CVE-2022-3002
was published
for
yetiforce/yetiforce-crm
(Composer)
Oct 6, 2022
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
High
CVE-2022-39273
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 5, 2022
protobuf-java has a potential Denial of Service issue
Moderate
CVE-2022-3171
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Oct 4, 2022
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
High
CVE-2022-36551
was published
for
label-studio
(pip)
Oct 4, 2022
LIEF vulnerable to denial of service through segmentation fault
High
CVE-2022-40922
was published
for
lief
(pip)
Oct 4, 2022
Dapr Dashboard vulnerable to Incorrect Access Control
High
CVE-2022-38817
was published
for
github.com/dapr/dashboard
(Go)
Oct 4, 2022
Snyk CLI affected by Command Injection vulnerability
High
CVE-2022-40764
was published
for
snyk
(npm)
Oct 4, 2022
OrchardCore vulnerable to HTML injection
Moderate
CVE-2022-32173
was published
for
OrchardCore
(NuGet)
Oct 4, 2022
SQLite3 addresses vulnerability in packaged version of libsqlite
Low
GHSA-mgvv-5mxp-xq67
was published
for
sqlite3
(RubyGems)
Oct 3, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
High
CVE-2022-2529
was published
for
github.com/cloudflare/goflow/v3
(Go)
Oct 1, 2022
DNN vulnerable to Relative Path Traversal
Moderate
CVE-2022-2922
was published
for
DotNetNuke.Core
(NuGet)
Oct 1, 2022
css-what vulnerable to ReDoS due to use of insecure regular expression
High
CVE-2022-21222
was published
for
css-what
(npm)
Oct 1, 2022
react-native-reanimated vulnerable to ReDoS
High
CVE-2022-24373
was published
for
react-native-reanimated
(npm)
Oct 1, 2022
rdiffweb's lack of token name length limit can result in DoS or memory corruption
High
CVE-2022-3371
was published
for
rdiffweb
(pip)
Oct 1, 2022
ProTip!
Advisories are also available from the
GraphQL API