GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem: All reviewed 5,000+; Composer 4,543; Erlang 33; GitHub Actions 25; Go 2,219; Maven 5,000+; npm 3,889; NuGet 700; pip 3,657; Pub 12; RubyGems 913; Rust 937; Swift 38
Unreviewed advisories: All unreviewed 5,000+
22,102 advisories
Authorization Bypass Through User-Controlled Key in go-restful (Critical): CVE-2022-1996 was published for github.com/emicklei/go-restful (Go), Jun 9, 2022
Cross-site Scripting in Dolibarr (Moderate): CVE-2022-30875 was published for dolibarr/dolibarr (Composer), Jun 9, 2022
Path Traversal in Git HTTP endpoints in Gogs (High): CVE-2022-1993 was published for gogs.io/gogs (Go), Jun 8, 2022
OS Command Injection in file editor in Gogs (Critical): CVE-2022-1986 was published for gogs.io/gogs (Go), Jun 8, 2022
`MsQueue` `push`/`pop` use the wrong orderings (Moderate): GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust), Jun 8, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs (Moderate): CVE-2022-31038 was published for gogs.io/gogs (Go), Jun 8, 2022
Path Traversal in file editor on Windows in Gogs (Critical): CVE-2022-1992 was published for gogs.io/gogs (Go), Jun 8, 2022
Unserialized Pop Chain in Laravel (Critical): CVE-2022-31279 was published for laravel/laravel (Composer), Jun 8, 2022 • withdrawn
Cross-Site Request Forgery in easyii CMS (Moderate): CVE-2020-36534 was published for noumo/easyii (Composer), Jun 8, 2022
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP (High): GHSA-fqx3-r75h-vc89 was published for pocketmine/pocketmine-mp (Composer), Jun 7, 2022
Calico vulnerable to pod route hijacking (Moderate): CVE-2022-28224 was published for github.com/projectcalico/calico (Go), Jun 7, 2022
Improper Check for Unusual or Exceptional Conditions in Elasticsearch (High): CVE-2022-23712 was published for org.elasticsearch:elasticsearch (Maven), Jun 7, 2022
Server-Side Request Forgery in Jodd HTTP (High): CVE-2022-29631 was published for org.jodd:jodd-http (Maven), Jun 7, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable (Critical): CVE-2022-32511 was published for jmespath (RubyGems), Jun 7, 2022
containerd CRI plugin: Host memory exhaustion through ExecSync (Moderate): CVE-2022-31030 was published for github.com/containerd/containerd (Go), Jun 6, 2022
Node DOS by way of memory exhaustion through ExecSync request in CRI-O (High): CVE-2022-1708 was published for github.com/cri-o/cri-o (Go), Jun 6, 2022
Failed payment recorded has completed in Silverstripe Omnipay (Low): CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer), Jun 6, 2022
Path Traversal in django-s3file (Critical): CVE-2022-24840 was published for django-s3file (pip), Jun 6, 2022
Multiple evaluation of contract address in call in vyper (High): CVE-2022-29255 was published for vyper (pip), Jun 6, 2022
TiDB authentication bypass vulnerability (High): CVE-2022-31011 was published for github.com/pingcap/tidb (Go), Jun 6, 2022
Use of Uninitialized Variable in trilogy (Moderate): CVE-2022-31026 was published for trilogy (RubyGems), Jun 6, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator (Moderate): CVE-2022-31027 was published for oauthenticator (pip), Jun 6, 2022
Cross-site Scripting in FacturaScripts (Moderate): CVE-2022-1988 was published for facturascripts/facturascripts (Composer), Jun 4, 2022
Access control issue in AlekSIS-Core (Moderate): CVE-2022-29773 was published for aleksis-core (pip), Jun 4, 2022
ProTip! Advisories are also available from the GraphQL API.