GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,876
Erlang: 37
GitHub Actions: 37
Go: 2,526
Maven: 5,000+
npm: 4,189
NuGet: 742
pip: 3,968
Pub: 12
RubyGems: 947
Rust: 1,030
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
24,030 advisories

Stored XSS vulnerability in Jenkins Checkmarx Plugin
High | CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) | Dec 12, 2022

phpMyFAQ vulnerable to Cross-site Scripting
Moderate | CVE-2022-4407 was published for thorsten/phpmyfaq (Composer) | Dec 11, 2022

phpMyFAQ vulnerable to Cross-site Scripting
Moderate | CVE-2022-4408 was published for thorsten/phpmyfaq (Composer) | Dec 11, 2022

phpMyFAQ has insecure HTTP cookies
High | CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) | Dec 11, 2022

pyRdfa3 Cross-site Scripting vulnerability
Moderate | CVE-2022-4396 was published for pyRdfa3 (pip) | Dec 10, 2022

Yii2 Gii Cross-site Scripting vulnerability
Moderate | CVE-2022-34297 was published for yiisoft/yii2-gii (Composer) | Dec 10, 2022

Spring Boot Admins integrated notifier support allows arbitrary code execution
High | CVE-2022-46166 was published for de.codecentric:spring-boot-admin (Maven) | Dec 9, 2022

Akeneo PIM Community Edition vulnerable to remote php code execution
High | CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) | Dec 9, 2022

Mingsoft MCMS vulnerable to SQL Injection
Critical | CVE-2022-4375 was published for net.mingsoft:ms-mcms (Maven) | Dec 9, 2022

Cross-site scripting vulnerability in TinyMCE alerts
Moderate | CVE-2022-23494 was published for TinyMCE (Composer) | Dec 8, 2022

golang.org/x/net/http2 vulnerable to possible excessive memory growth
Moderate | CVE-2022-41717 was published for golang.org/x/net (Go) | Dec 8, 2022

Buildah (as part of Podman) vulnerable to Path Traversal
Low | CVE-2022-4123 was published for github.com/containers/podman/v4 (Go) | Dec 8, 2022

Buildah (as part of Podman) vulnerable to Link Following
Moderate | CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) | Dec 8, 2022

go-merkledag's ProtoNode may be modified such that common method calls may panic
High | CVE-2022-23495 was published for github.com/ipfs/go-merkledag (Go) | Dec 8, 2022

PrestaShop has potential Information exposure in the upload directory
Moderate | CVE-2022-46158 was published for prestashop/prestashop (Composer) | Dec 8, 2022

Traefik may display authorization header in the debug logs
Low | CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) | Dec 8, 2022

Traefik routes exposed with an empty TLSOption
Moderate | CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) | Dec 8, 2022

Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Moderate | GHSA-969w-q74q-9j8v was published for secp256k1 (Rust) | Dec 8, 2022

Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
High | CVE-2022-23496 was published for nl.basjes.parse.useragent:yauaa (Maven) | Dec 8, 2022

Mingsoft MCMS vulnerable to Cross-site Scripting
Moderate | CVE-2022-4350 was published for net.mingsoft:ms-mcms (Maven) | Dec 8, 2022

RuoYi-Cloud Cross-site Scripting vulnerability
Moderate | CVE-2022-4348 was published for com.ruoyi:ruoyi-common (Maven) | Dec 8, 2022

Unchecked return value from xmlTextReaderExpand
High | CVE-2022-23476 was published for nokogiri (RubyGems) | Dec 8, 2022

libp2p DoS vulnerability from lack of resource management
High | CVE-2022-23487 was published for libp2p (npm) | Dec 7, 2022

containerd CRI stream server vulnerable to host memory exhaustion via terminal
Moderate | CVE-2022-23471 was published for github.com/containerd/containerd (Go) | Dec 7, 2022

libp2p DoS vulnerability from lack of resource management
High | CVE-2022-23492 was published for github.com/libp2p/go-libp2p (Go) | Dec 7, 2022

ProTip! Advisories are also available from the GraphQL API.