GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,494 advisories

Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json (Maven) Jun 28, 2022
Open redirect in web2py Moderate
CVE-2022-33146 was published for web2py (pip) Jun 28, 2022
Server-Side Request Forgery in parse-url Critical
CVE-2022-2216 was published for parse-url (npm) Jun 28, 2022
Cross site scripting in parse-url Moderate
CVE-2022-2217 was published for parse-url (npm) Jun 28, 2022
Cross site scripting in parse-url Moderate
CVE-2022-2218 was published for parse-url (npm) Jun 28, 2022
Hostname confusion in parse-url High
CVE-2022-0722 was published for parse-url (npm) Jun 28, 2022
SystemDS CPU exhaustion vulnerability High
CVE-2022-26477 was published for org.apache.systemds:systemds (Maven) Jun 28, 2022
Apache Tika contains incomplete fix for regex DoS Low
CVE-2022-33879 was published for org.apache.tika:tika (Maven) Jun 28, 2022
Salt's PAM auth fails to reject locked accounts High
CVE-2022-22967 was published for salt (pip) Jun 25, 2022
CloudCore UDS Server: Malicious Message can crash CloudCore Moderate
CVE-2022-31076 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
Path traversal mitigation bypass in OctoRPKI High
GHSA-3jhm-87m6-x959 was published for github.com/cloudflare/cfrpki (Go) Jun 25, 2022
wuhan005 iifiigii
BlockWishList SQL Injection vulnerability High
CVE-2022-31101 was published for prestashop/blockwishlist (Composer) Jun 25, 2022
haidv35
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server Moderate
CVE-2022-31077 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
tdunlap607
Path traversal in Concrete CMS Critical
CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022
Cross site scripting in Concrete CMS Low
CVE-2022-30120 was published for concrete5/core (Composer) Jun 25, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Prototype Pollution in deep-get-set High
CVE-2022-21231 was published for deep-get-set (npm) Jun 25, 2022
Missing permission check in Jenkins ThreadFix Plugin Moderate
CVE-2022-34210 was published for org.jenkins-ci.plugins:threadfix (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Stash Branch Parameter Plugin High
CVE-2022-34198 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) Jun 24, 2022
NotMyFault
Jenkins Beaker builder Plugin Missing Authorization vulnerability Moderate
CVE-2022-34208 was published for org.jenkins-ci.plugins:beaker-builder (Maven) Jun 24, 2022
Missing permission check in Jenkins vRealize Orchestrator Plugin Moderate
CVE-2022-34212 was published for org.jenkins-ci.plugins:vmware-vrealize-orchestrator (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins ThreadFix Plugin Moderate
CVE-2022-34209 was published for org.jenkins-ci.plugins:threadfix (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin Moderate
CVE-2022-34205 was published for org.jenkins-ci.plugins:jianliao (Maven) Jun 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API