GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,948 advisories

sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
Humni
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
Moodle reflected cross-site scripting vulnerability in policy tool Moderate
CVE-2022-45150 was published for moodle/moodle (Composer) Nov 23, 2022
Moodle stored-XSS vulnerability in some "social" user profile fields Moderate
CVE-2022-45151 was published for moodle/moodle (Composer) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
limonte Humni
Command injection in Apache DolphinScheduler Alert Plugins Critical
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42095 was published for backdrop/backdrop (Composer) Nov 23, 2022
Code injection in quarkus dev ui config editor Critical
CVE-2022-4116 was published for io.quarkus:quarkus-vertx-http-deployment (Maven) Nov 22, 2022
jmini
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42094 was published for backdrop/backdrop (Composer) Nov 22, 2022
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42097 was published for backdrop/backdrop (Composer) Nov 22, 2022
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Remote code execution vulnerability in dependency System.Drawing.Common Moderate
GHSA-gpv5-rp6w-58r8 was published for Akka (NuGet) Nov 22, 2022
petrikero
Tensorflow vulnerable to Out-of-Bounds Read Moderate
CVE-2022-41880 was published for tensorflow (pip) Nov 22, 2022
Stored XSS in Compare Mode Moderate
CVE-2022-38145 was published for silverstripe/versioned-admin (Composer) Nov 22, 2022
Blind SQL Injection via GridFieldSortableHeader High
CVE-2022-38148 was published for silverstripe/framework (Composer) Nov 22, 2022
Reflected XSS in querystring parameters Moderate
CVE-2022-38462 was published for silverstripe/framework (Composer) Nov 21, 2022
Stored XSS using HTMLEditor Moderate
CVE-2022-37429 was published for silverstripe/framework (Composer) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API