GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:

All reviewed: 5,000+
Composer: 4,856
Erlang: 36
GitHub Actions: 36
Go: 2,488
Maven: 5,000+
npm: 4,104
NuGet: 735
pip: 3,923
Pub: 12
RubyGems: 945
Rust: 1,017
Swift: 39

Unreviewed advisories:

All unreviewed: 5,000+
23,755 advisories
Advisory | Severity | CVE | Package (ecosystem) | Published
Remote code execution via MongoDB BSON parser through prototype pollution | Critical | CVE-2022-39396 | parse-server (npm) | Nov 8, 2022
fastify/websocket vulnerable to uncaught exception via crash on malformed packet | High | CVE-2022-39386 | @fastify/websocket (npm) | Nov 7, 2022
Apache Commons BCEL vulnerable to out-of-bounds write | Critical | CVE-2022-42920 | org.apache.bcel:bcel (Maven) | Nov 7, 2022
Apache Ivy vulnerable to path traversal | High | CVE-2022-37866 | org.apache.ivy:ivy (Maven) | Nov 7, 2022
btcd mishandles witness size checking | Critical | CVE-2022-44797 | github.com/btcsuite/btcd (Go) | Nov 7, 2022
Apache Ivy does not verify target path when extracting the archive | Critical | CVE-2022-37865 | org.apache.ivy:ivy (Maven) | Nov 7, 2022
Froxlor vulnerable to code injection | Moderate | CVE-2022-3869 | froxlor/froxlor (Composer) | Nov 5, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack | High | CVE-2022-33684 | pulsar-client (pip) | Nov 4, 2022
TiDB vulnerable to Use of Externally-Controlled Format String | Critical | CVE-2022-3023 | github.com/pingcap/tidb (Go) | Nov 4, 2022
Froxlor vulnerable to Code Injection | Moderate | CVE-2022-3721 | froxlor/froxlor (Composer) | Nov 4, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider | Critical | CVE-2022-39387 | org.xwiki.contrib.oidc:oidc-authenticator (Maven) | Nov 4, 2022
deep-parse-json vulnerable to Prototype Pollution | Moderate | CVE-2022-42743 | deep-parse-json (npm) | Nov 4, 2022
fastest-json-copy vulnerable to Prototype Pollution | Moderate | CVE-2022-41714 | fastest-json-copy (npm) | Nov 4, 2022
Markdownify has Files or Directories Accessible to External Parties | Moderate | CVE-2022-41710 | electron-markdownify (npm) | Nov 4, 2022
deep-object-diff vulnerable to Prototype Pollution | Moderate | CVE-2022-41713 | deep-object-diff (npm) | Nov 4, 2022
Apache UIMA Path Traversal vulnerability | High | CVE-2022-32287 | org.apache.uima:uimaj-core (Maven) | Nov 3, 2022
OpenCart SQL injection vulnerability | Moderate | CVE-2021-37823 | opencart/opencart (Composer) | Nov 3, 2022
Reflected Cross-site scripting (XSS) in kairosdb | Moderate | CVE-2019-19040 | org.kairosdb:kairosdb (Maven) | Nov 3, 2022
@keystone-6/core's NODE_ENV defaults to development with esbuild | Critical | CVE-2022-39382 | @keystone-6/core (npm) | Nov 3, 2022
TYPO3 Extension femanager vulnerable to Broken Access Control | Moderate | CVE-2022-44543 | in2code/femanager (Composer) | Nov 3, 2022
Tribal Systems Zenario CMS vulnerable to Cross-site Scripting | Moderate | CVE-2020-36608 | tribalsystems/zenario (Composer) | Nov 3, 2022
Apache Airflow Cross-site Scripting vulnerability | Moderate | CVE-2022-43982 | apache-airflow (pip) | Nov 2, 2022
Apache Airflow Open Redirect vulnerability | Moderate | CVE-2022-43985 | apache-airflow (pip) | Nov 2, 2022
Centreon vulnerable to SQL Injection | Critical | CVE-2022-3827 | centreon/centreon (Composer) | Nov 2, 2022
ProTip! Advisories are also available from the GraphQL API.