Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
37
Go
2,526
Maven
5,000+
npm
4,189
NuGet
742
pip
3,968
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

24,030 advisories

Loading
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
safe-eval vulnerable to Prototype Pollution Critical
CVE-2022-25904 was published for safe-eval (npm) Dec 20, 2022
Patchelf out-of-bounds read High
CVE-2022-44940 was published for patchelf (pip) Dec 20, 2022
Duplicate Advisory: Apiman has insufficient checks for read permissions High
GHSA-54r5-wr8x-x5v3 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Dec 20, 2022 withdrawn
msavy
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
Oils JS vulnerable to Open Redirect Moderate
CVE-2021-4260 was published for oils (npm) Dec 19, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
laravel-jqgrid vulnerable to SQL Injection Critical
CVE-2021-4262 was published for mgallegos/laravel-jqgrid (Composer) Dec 19, 2022
Apache Helix UI vulnerable to Open Redirect Moderate
CVE-2022-47500 was published for org.apache.helix:helix (Maven) Dec 19, 2022
Memos Cross-site Scripting vulnerability Moderate
CVE-2022-4609 was published for github.com/usememos/memos (Go) Dec 19, 2022
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
alokmenghrajani pmartinat
tdunlap607
active_attr Improper Resource Shutdown or Release vulnerability High
CVE-2021-4250 was published for active_attr (RubyGems) Dec 19, 2022
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
Terms and Conditions Module vulnerable to Open Redirect Moderate
CVE-2022-4589 was published for django-termsandconditions (pip) Dec 17, 2022
UBI Reader vulnerable to Path Traversal Moderate
CVE-2022-4572 was published for ubi-reader (pip) Dec 17, 2022
HuTool vulnerable to Uncontrolled Resource Consumption High
CVE-2022-4565 was published for cn.hutool:hutool-core (Maven) Dec 16, 2022
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
FeehiCMS Cross Site Scripting vulnerability Moderate
CVE-2022-40000 was published for feehi/feehicms (Composer) Dec 15, 2022
FeehiCMS Cross Site Scripting vulnerability Moderate
CVE-2022-40001 was published for feehi/feehicms (Composer) Dec 15, 2022
FeehiCMS Cross Site Scripting vulnerability Moderate
CVE-2022-40373 was published for feehi/feehicms (Composer) Dec 15, 2022
FeehiCMS Cross Site Scripting vulnerability Moderate
CVE-2022-40002 was published for feehi/feehicms (Composer) Dec 15, 2022
FeehiCMS Cross Site Scripting vulnerability Moderate
CVE-2021-36572 was published for feehi/feehicms (Composer) Dec 15, 2022
FeehiCMS Unrestricted Upload vulnerability Moderate
CVE-2021-36573 was published for feehi/feehicms (Composer) Dec 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database