GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,417 advisories

window-control vulnerable to Command Injection due to improper input sanitization (Severity: High)
CVE-2022-25926 was published for window-control (npm) Jan 4, 2023
Apache DolphinScheduler vulnerable to Improper Input Validation (Severity: Critical)
CVE-2022-45875 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Jan 4, 2023
typo3-appointments vulnerable to Cross-site Scripting (Severity: Moderate)
CVE-2019-25094 was published for innologi/typo3-appointments (Composer) Jan 4, 2023
Gravitee API Management contains Path Traversal (Severity: High)
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) Jan 4, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve (Severity: High)
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
Credited to westonsteimel
MooTools Regular Expression Denial of Service (Severity: High)
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
Credited to anonymous4ACL24
Apache Dubbo vulnerable to remote code execution via Telnet Handler (Severity: Critical)
CVE-2021-32824 was published for org.apache.dubbo:dubbo-parent (Maven) Jan 3, 2023
httparty has multipart/form-data request tampering vulnerability (Severity: Moderate)
CVE-2024-22049 was published for httparty (RubyGems) Jan 3, 2023
Credited to motoyasu-saburi
Apiman has potential permissions bypass (Severity: High)
CVE-2022-47551 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Jan 3, 2023
FrameworkUserBundle Generates Error Message Containing Sensitive Information (Severity: High)
CVE-2015-10012 was published for sumocoders/framework-user-bundle (Composer) Jan 3, 2023
nterchange Code Injection vulnerability (Severity: Critical)
CVE-2015-10009 was published for nonfiction/nterchange (Composer) Jan 2, 2023
string-kit Inefficient Regular Expression Complexity vulnerability (Severity: High)
CVE-2021-4299 was published for string-kit (npm) Jan 2, 2023
SimpleSAMLphp simplesamlphp-module-openid (Severity: Moderate)
CVE-2010-10002 was published for simplesamlphp/simplesamlphp-module-openid (Composer) Jan 1, 2023
express-param vulnerable to Improper Handling of Extra Parameters (Severity: Critical)
CVE-2017-20160 was published for express-param (npm) Dec 31, 2022
rgb2hex vulnerable to inefficient regular expression complexity (Severity: High)
CVE-2018-25061 was published for rgb2hex (npm) Dec 31, 2022
Yii2 FileAPI Widget vulnerable to Cross-site Scripting (Severity: Moderate)
CVE-2017-20158 was published for vova07/yii2-fileapi-widget (Composer) Dec 31, 2022
Ariadne Component Library vulnerable to Server-Side Request Forgery (Severity: Critical)
CVE-2017-20157 was published for arc/web (Composer) Dec 31, 2022
keynote Cross-site Scripting vulnerability (Severity: Moderate)
CVE-2017-20159 was published for keynote (RubyGems) Dec 31, 2022
Froxlor Improper Authorization vulnerability (Severity: Moderate)
CVE-2022-4868 was published for froxlor/froxlor (Composer) Dec 31, 2022
Froxlor vulnerable to Cross-Site Request Forgery (Severity: Moderate)
CVE-2022-4867 was published for froxlor/froxlor (Composer) Dec 31, 2022
usememos/memos vulnerable to Cross-site Scripting (Severity: Critical)
CVE-2022-4866 was published for github.com/usememos/memos (Go) Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability (Severity: Critical)
CVE-2022-4865 was published for github.com/usememos/memos (Go) Dec 31, 2022
mellium.im/sasl authentication failure due to insufficient nonce randomness (Severity: Critical)
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
Froxlor vulnerable to Argument Injection (Severity: Moderate)
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue (Severity: High)
GHSA-q2fj-6h62-59m2 was published for io.apiman:apiman-distro-vertx (Maven) Dec 30, 2022