GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Advisory counts by ecosystem (GitHub reviewed):
All reviewed: 5,000+
Composer: 4,801
Erlang: 36
GitHub Actions: 29
Go: 2,380
Maven: 5,000+
npm: 4,010
NuGet: 720
pip: 3,810
Pub: 12
RubyGems: 930
Rust: 986
Swift: 38
Unreviewed advisories (all): 5,000+
298 advisories
Dates are when the advisory was published in the GitHub Advisory Database, not when the CVE was assigned; several of the entries below cover CVEs that are years older than their GitHub publication date.

Advisory | Severity | Identifier | Package (ecosystem) | Published
ZK Framework vulnerable to malicious POST | High | CVE-2022-36537 | org.zkoss.zk:zk (Maven) | Aug 27, 2022
CakePHP allows remote attackers to spoof their IP | High | CVE-2016-4793 | cakephp/cakephp (Composer) | May 14, 2022
Concrete CMS vulnerable to Improper Authentication | Moderate | CVE-2022-43690 | concrete5/concrete5 (Composer) | Nov 15, 2022
Improper Certificate Validation in node-sass | Moderate | CVE-2020-24025 | node-sass (npm) | Feb 9, 2022
Missing Release of Memory after Effective Lifetime in Apache Tika | Moderate | CVE-2020-9489 | org.apache.tika:tika (Maven) | May 7, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | Moderate | CVE-2021-33605 | com.vaadin:vaadin-checkbox-flow (Maven) | Aug 30, 2021
Authentication Bypass in Apache Tomcat | Moderate | CVE-2012-3546 | org.apache.tomcat:tomcat (Maven) | May 17, 2022
Cross-Site Scripting in @ckeditor/ckeditor5-link | Moderate | CVE-2018-11093 | @ckeditor/ckeditor5-link (npm) | May 23, 2018
Login timing attack in ezsystems/ezpublish-kernel | Critical | GHSA-xfqg-p48g-hh94 | ezsystems/ezpublish-kernel (Composer) | Jun 2, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability | Moderate | CVE-2015-1585 | fat_free_crm (RubyGems) | May 14, 2022
Command Injection in local-devices | High | GHSA-w725-67p7-xv22 | local-devices (npm) | Sep 3, 2020
Shopware user session is not logged out if the password is reset via password recovery | Low | CVE-2022-24744 | shopware/core (Composer) | Mar 10, 2022
Podman has Files or Directories Accessible to External Parties | Moderate | CVE-2020-1726 | github.com/containers/podman (Go) | May 24, 2022
Command injection in cocoapods-downloader | High | CVE-2022-24440 | cocoapods-downloader (RubyGems) | Apr 2, 2022
ReDoS vulnerability in parser_apache2 | Moderate | CVE-2021-41186 | fluentd (RubyGems) | Nov 1, 2021
Improper Certificate Validation in kubeclient | High | CVE-2022-0759 | kubeclient (RubyGems) | Mar 26, 2022
Deserialization of Untrusted Data in Infinispan | High | CVE-2017-15089 | org.infinispan:infinispan-core (Maven) | May 14, 2022
Cross-site scripting vulnerability in TinyMCE | Moderate | CVE-2020-12648 | tinymce (npm) | Aug 11, 2020
fabric8 kubernetes-client vulnerable | Moderate | CVE-2021-4178 | io.fabric8:kubernetes-client (Maven) | Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API.
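As an added example, not GitHub's code and not part of this listing: a Python script that looks up an advisory by CVE through the GraphQL endpoint the ProTip refers to and flattens the response into one record per affected package, the shape you want when checking a lockfile against the database. It assumes a personal access token in the GITHUB_TOKEN environment variable for the live call. The embedded response is constructed by hand in the shape the API returns; its GHSA id and version ranges are placeholders, so the parsing can be exercised offline without asserting anything about the real advisory.

```python
"""Query the GitHub Advisory Database over the GraphQL API.

Added example, not GitHub's own code. Assumes a personal access token in
GITHUB_TOKEN for the live call; SAMPLE_RESPONSE below is constructed so
the parsing runs offline.
"""
import json
import os
import urllib.request

GRAPHQL_ENDPOINT = "https://api.github.com/graphql"

# Look up advisories by CVE identifier and list each affected package with
# its vulnerable range and first patched version.
ADVISORY_QUERY = """
query($cve: String!) {
  securityAdvisories(first: 5, identifier: {type: CVE, value: $cve}) {
    nodes {
      ghsaId
      summary
      severity
      publishedAt
      vulnerabilities(first: 20) {
        nodes {
          package { ecosystem name }
          vulnerableVersionRange
          firstPatchedVersion { identifier }
        }
      }
    }
  }
}
"""


def fetch_advisories(cve, token=None):
    """POST the query to api.github.com. Needs network access and a token."""
    token = token or os.environ["GITHUB_TOKEN"]
    payload = json.dumps({"query": ADVISORY_QUERY, "variables": {"cve": cve}})
    req = urllib.request.Request(
        GRAPHQL_ENDPOINT,
        data=payload.encode("utf-8"),
        method="POST",
        headers={"Authorization": f"bearer {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def flatten_advisories(response):
    """One flat record per (advisory, affected package) pair.

    A null firstPatchedVersion means no fixed release is listed, so the
    record carries first_patched=None instead of failing on the lookup.
    """
    if response.get("errors"):
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    records = []
    for adv in response["data"]["securityAdvisories"]["nodes"]:
        for vuln in adv["vulnerabilities"]["nodes"]:
            patched = vuln.get("firstPatchedVersion") or {}
            records.append({
                "ghsa": adv["ghsaId"],
                "summary": adv["summary"],
                "severity": adv["severity"],
                "published": adv["publishedAt"][:10],
                "ecosystem": vuln["package"]["ecosystem"],
                "package": vuln["package"]["name"],
                "vulnerable_range": vuln["vulnerableVersionRange"],
                "first_patched": patched.get("identifier"),
            })
    return records


def unpatched(records):
    """Records with no fixed version listed: the ones to triage by hand."""
    return [r for r in records if r["first_patched"] is None]


# Constructed sample response. The GHSA id, version ranges and patched
# version are placeholders; only the CVE title, package, ecosystem,
# severity and publication date are taken from the listing above.
SAMPLE_RESPONSE = {
    "data": {"securityAdvisories": {"nodes": [{
        "ghsaId": "GHSA-xxxx-xxxx-xxxx",
        "summary": "ZK Framework vulnerable to malicious POST",
        "severity": "HIGH",
        "publishedAt": "2022-08-27T00:00:00Z",
        "vulnerabilities": {"nodes": [
            {"package": {"ecosystem": "MAVEN", "name": "org.zkoss.zk:zk"},
             "vulnerableVersionRange": "< 1.2.3 (placeholder range)",
             "firstPatchedVersion": {"identifier": "1.2.3 (placeholder)"}},
            {"package": {"ecosystem": "MAVEN", "name": "org.zkoss.zk:zk"},
             "vulnerableVersionRange": ">= 2.0.0 (placeholder range)",
             "firstPatchedVersion": None},
        ]},
    }]}}
}

if __name__ == "__main__":
    # Live call only when a token is present; otherwise use the constructed sample.
    data = fetch_advisories("CVE-2022-36537") if os.environ.get("GITHUB_TOKEN") else SAMPLE_RESPONSE
    for rec in flatten_advisories(data):
        print(rec)
```

The `identifier` filter on `securityAdvisories` also accepts `type: GHSA` for entries such as GHSA-xfqg-p48g-hh94 that have no CVE. Treat a record whose `first_patched` is None as a finding to review by hand rather than as "not affected": it means GitHub lists no fixed release, not that the range is empty.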