GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,755 advisories

Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
mm-wiki is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-40289 was published for github.com/phachon/mm-wiki (Go) Nov 10, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
Redwood is vulnerable to account takeover via dbAuth "forgot-password" High
GHSA-3qmc-2r76-4rqp was published for @redwoodjs/api (npm) Nov 10, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks High
CVE-2022-41879 was published for parse-server (npm) Nov 10, 2022
Exfiltration of hashed SMB credentials on Windows via file:// redirect Moderate
CVE-2022-36077 was published for electron (npm) Nov 10, 2022
coolcoolnoworries
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted tdunlap607
pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42964 was published for pymatgen (pip) Nov 10, 2022
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42965 was published for snowflake-connector-python (pip) Nov 10, 2022
JBrown0x90 westonsteimel
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
HashiCorp Nomad vulnerable to non-sensitive metadata exposure Moderate
CVE-2022-3866 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF High
CVE-2022-45129 was published for fish.payara.distributions:payara (Maven) Nov 10, 2022
tstoney-exiger
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Istio may allow identity impersonation if user has localhost access High
CVE-2022-39388 was published for github.com/istio/istio (Go) Nov 9, 2022
howardjohn
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers High
CVE-2022-41878 was published for parse-server (npm) Nov 9, 2022
Vela Insecure Defaults Critical
CVE-2022-39395 was published for github.com/go-vela/server (Go) Nov 9, 2022
Subrion CMS is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43121 was published for intelliants/subrion (Composer) Nov 9, 2022
FeehiCMS is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43320 was published for feehi/cms (Composer) Nov 9, 2022
Subrion CMS is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43120 was published for intelliants/subrion (Composer) Nov 9, 2022
Failing DTLS handshakes may cause throttling to block processing of records High
CVE-2022-39368 was published for org.eclipse.californium:scandium (Maven) Nov 9, 2022
.NET Information Disclosure Vulnerability Moderate
CVE-2022-41064 was published for Microsoft.Data.SqlClient (NuGet) Nov 8, 2022
shanrath grvillic
OpenFGA Authorization Bypass Moderate
CVE-2022-39352 was published for github.com/openfga/openfga (Go) Nov 8, 2022
tdunlap607
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value` Moderate
GHSA-5m39-wx2q-mxg3 was published for lzf (Rust) Nov 8, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
Tauri Filesystem Scope can be Partially Bypassed Low
CVE-2022-41874 was published for Tauri (Rust) Nov 8, 2022
ProTip! Advisories are also available from the GraphQL API