GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,526 advisories

JXPath Out-of-bounds Write vulnerability (Moderate)
CVE-2022-40160 was published for commons-jxpath:commons-jxpath (Maven) on Oct 6, 2022 (withdrawn)

JXPath Out-of-bounds Write vulnerability (Moderate)
CVE-2022-40158 was published for commons-jxpath:commons-jxpath (Maven) on Oct 6, 2022 (withdrawn)

JXPath Out-of-bounds Write vulnerability (Moderate)
CVE-2022-40161 was published for commons-jxpath:commons-jxpath (Maven) on Oct 6, 2022 (withdrawn)

JXPath Out-of-bounds Write vulnerability (Moderate)
CVE-2022-40157 was published for commons-jxpath:commons-jxpath (Maven) on Oct 6, 2022 (withdrawn)

JXPath Out-of-bounds Write vulnerability (Moderate)
CVE-2022-40159 was published for commons-jxpath:commons-jxpath (Maven) on Oct 6, 2022 (withdrawn)

rdiffweb allows a new password to be the same as the previous password (Moderate)
CVE-2022-3376 was published for rdiffweb (pip) on Oct 6, 2022

Moodle Cross-Site Request Forgery (CSRF) (High)
CVE-2022-2986 was published for moodle/moodle (Composer) on Oct 6, 2022

YetiForce CRM vulnerable to stored Cross-site Scripting (Moderate)
CVE-2022-3002 was published for yetiforce/yetiforce-crm (Composer) on Oct 6, 2022

FlyteAdmin's Default OAuth Authorization Server secret must be rotated (High)
CVE-2022-39273 was published for github.com/flyteorg/flyteadmin (Go) on Oct 5, 2022

protobuf-java has a potential Denial of Service issue (Moderate)
CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) on Oct 4, 2022

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module (High)
CVE-2022-36551 was published for label-studio (pip) on Oct 4, 2022

LIEF vulnerable to denial of service through segmentation fault (High)
CVE-2022-40922 was published for lief (pip) on Oct 4, 2022

Dapr Dashboard vulnerable to Incorrect Access Control (High)
CVE-2022-38817 was published for github.com/dapr/dashboard (Go) on Oct 4, 2022

Snyk CLI affected by Command Injection vulnerability (High)
CVE-2022-40764 was published for snyk (npm) on Oct 4, 2022

OrchardCore vulnerable to HTML injection (Moderate)
CVE-2022-32173 was published for OrchardCore (NuGet) on Oct 4, 2022

SQLite3 addresses vulnerability in packaged version of libsqlite (Low)
GHSA-mgvv-5mxp-xq67 was published for sqlite3 (RubyGems) on Oct 3, 2022

Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code (Critical)
CVE-2022-39222 was published for github.com/dexidp/dex (Go) on Oct 3, 2022
Uncontrolled Resource Consumption in Jackson-databind (High)
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Oct 3, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind (High)
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Oct 3, 2022
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package (High)
CVE-2022-2529 was published for github.com/cloudflare/goflow/v3 (Go) on Oct 1, 2022
DNN vulnerable to Relative Path Traversal (Moderate)
CVE-2022-2922 was published for DotNetNuke.Core (NuGet) on Oct 1, 2022

css-what vulnerable to ReDoS due to use of insecure regular expression (High)
CVE-2022-21222 was published for css-what (npm) on Oct 1, 2022

react-native-reanimated vulnerable to ReDoS (High)
CVE-2022-24373 was published for react-native-reanimated (npm) on Oct 1, 2022
rdiffweb's lack of token name length limit can result in DoS or memory corruption (High)
CVE-2022-3371 was published for rdiffweb (pip) on Oct 1, 2022