GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,028 advisories

hutool-json stack overflow vulnerability Moderate
CVE-2022-45690 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
linux-loader reading beyond EOF could lead to infinite loop Low
CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
likebreath
Candy Machine Set Collection During Mint Missing Check Moderate
GHSA-9v25-r5q2-2p6w was published for mpl-candy-machine (Rust) Dec 12, 2022
Creator Verification Error when Bubblegum Activate High
GHSA-8r76-fr72-j32w was published for mpl-bubblegum (Rust) Dec 12, 2022
@cubejs-backend/api-gateway row level security bypass High
CVE-2022-23510 was published for @cubejs-backend/api-gateway (npm) Dec 12, 2022
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz anderruiz
HAProxyMessageDecoder Stack Exhaustion DoS Moderate
CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Improper Privilege Management in rdiffweb Critical
CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Duplicate advisory: @claviska/jquery-minicolors vulnerable to Cross-site Scripting Moderate
CVE-2021-4243 was published for @claviska/jquery-minicolors (npm) Dec 12, 2022 withdrawn
Alist Cross-site Scripting vulnerability Moderate
CVE-2022-45970 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability Moderate
CVE-2021-4244 was published for yikesinc/yikes-inc-easy-mailchimp-extender (Composer) Dec 12, 2022
Amazon CloudWatch Agent for Windows has Privilege Escalation Vector High
CVE-2022-23511 was published for github.com/aws/amazon-cloudwatch-agent (Go) Dec 12, 2022
andrewpollock
Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-46688 was published for org.jenkins-ci.plugins:sonar-gerrit (Maven) Dec 12, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022
Jenkins Plot Plugin XML External Entity Reference vulnerability High
CVE-2022-46682 was published for org.jenkins-ci.plugins:plot (Maven) Dec 12, 2022
Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting High
CVE-2022-46686 was published for io.jenkins.plugins:custom-build-properties (Maven) Dec 12, 2022
Jenkins Google Login Plugin Open Redirect vulnerability Moderate
CVE-2022-46683 was published for org.jenkins-ci.plugins:google-login (Maven) Dec 12, 2022
Cross-site Scripting in Jenkins Spring Config Plugin High
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) Dec 12, 2022
Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
phpMyFAQ vulnerable to Cross-site Scripting Moderate
CVE-2022-4407 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
ProTip! Advisories are also available from the GraphQL API