GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,161 advisories

Apache James vulnerable to buffering attack High
CVE-2022-28220 was published for org.apache.james:james-server (Maven) Sep 9, 2022
rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames Critical
CVE-2022-3167 was published for rdiffweb (pip) Sep 9, 2022
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS) High
CVE-2022-37189 was published for mei2volpiano (pip) Sep 8, 2022
Blink1Control2 uses weak password encryption High
CVE-2022-35513 was published for Blink1Control2 (npm) Sep 8, 2022
RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency High
CVE-2022-2714 was published for francoisjacquet/rosariosis (Composer) Sep 7, 2022
Unauthenticated Sensitive Information Disclosure vulnerability Moderate
CVE-2022-34867 was published for libreform/libreform (Composer) Sep 7, 2022
Barbican authorization flaw before v14.0.0 High
CVE-2022-23451 was published for barbican (pip) Sep 7, 2022
x/crypto/ssh vulnerable to panic via malformed packets High
CVE-2021-43565 was published for golang.org/x/crypto (Go) Sep 7, 2022
golang.org/x/net/http2 Denial of Service vulnerability High
CVE-2022-27664 was published for golang.org/x/net (Go) Sep 7, 2022
westonsteimel
FeehiCMS has an arbitrary file upload vulnerability Critical
CVE-2020-21516 was published for feehi/cms (Composer) Sep 7, 2022
rthorpeii
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter Critical
CVE-2022-36663 was published for org.gluu:oxauth-common (Maven) Sep 7, 2022
tdunlap607
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38749 was published for be.cylab:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38751 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38750 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38752 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
mprins
Apache IoTDB grafana-connector contains an interface without authorization High
CVE-2022-38370 was published for org.apache.iotdb:iotdb-grafana-connector (Maven) Sep 6, 2022
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
sunSUNQ
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
Indy's NODE_UPGRADE transaction vulnerable to remote code execution High
CVE-2022-31020 was published for indy-node (pip) Sep 2, 2022
shakreiner
francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-3072 was published for francoisjacquet/rosariosis (Composer) Sep 2, 2022
Apache ShenYu Admin has insecure permissions High
CVE-2022-37435 was published for org.apache.shenyu:shenyu-common (Maven) Sep 2, 2022
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks Critical
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
openstack-barbican Denial of Service vulnerability Moderate
CVE-2022-23452 was published for barbican (pip) Sep 2, 2022
ProTip! Advisories are also available from the GraphQL API