Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,877
Erlang
37
GitHub Actions
38
Go
2,538
Maven
5,000+
npm
4,197
NuGet
743
pip
3,971
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

24,064 advisories

Loading
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
Concrete CMS vulnerable to cross-site scripting in the text input field Moderate
CVE-2022-43556 was published for concrete5/concrete5 (Composer) Dec 6, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package Low
CVE-2022-23530 was published for guarddog (pip) Dec 5, 2022
Sim4n6
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace High
CVE-2022-46167 was published for github.com/clastix/capsule (Go) Dec 5, 2022
MaxFedotov whatev3n
NodeBB vulnerable to account takeover via prototype vulnerability Critical
CVE-2022-46164 was published for nodebb (npm) Dec 5, 2022
stephenbradshaw
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust) Dec 5, 2022
tdunlap607
Prometheus vulnerable to basic authentication bypass High
GHSA-4v48-4q5m-8vx4 was published for github.com/prometheus/prometheus (Go) Dec 5, 2022
chunklhit
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list Moderate
CVE-2022-46149 was published for capnp (Rust) Dec 5, 2022
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference High
CVE-2022-41957 was published for hummus (npm) Dec 5, 2022
camel-ldap component allows LDAP Injection when using the filter option Critical
CVE-2022-45046 was published for org.apache.camel:camel-ldap (Maven) Dec 5, 2022
Nadesiko3 OS Command Injection vulnerability Critical
CVE-2022-41642 was published for nadesiko3 (npm) Dec 5, 2022
nadesiko3 vulnerable to OS Command Injection Critical
CVE-2022-42496 was published for nadesiko3 (npm) Dec 5, 2022
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit Moderate
CVE-2022-41777 was published for nadesiko3 (npm) Dec 5, 2022
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation High
CVE-2022-43484 was published for org.terasoluna.gfw:terasoluna-gfw-common (Maven) Dec 5, 2022
kominen0214
Apache Commons Net vulnerable to information leakage via malicious server Moderate
CVE-2021-37533 was published for commons-net:commons-net (Maven) Dec 3, 2022
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Prometheus Exporter-Toolkit is vulnerable to authentication bypass Moderate
CVE-2022-46146 was published for github.com/prometheus/exporter-toolkit (Go) Dec 2, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Low
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) Dec 2, 2022
kxcasa
Apache Tapestry allows deserialization of untrusted data Critical
CVE-2022-46366 was published for org.apache.tapestry:tapestry-core (Maven) Dec 2, 2022
ff4j is vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-44262 was published for org.ff4j:ff4j-core (Maven) Dec 1, 2022
njimenezotto tdunlap607
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability High
CVE-2022-40489 was published for thinkcmf/thinkcmf (Composer) Dec 1, 2022
ThinkCMF Stored Cross-Site Scripting (XSS) Moderate
CVE-2022-40849 was published for thinkcmf/thinkcmf (Composer) Dec 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database