GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20,326 advisories
Filter by severity
Path traversal in Gitblit
High
CVE-2022-31268
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Integer overflow in solana_rbpf
High
CVE-2022-31264
was published
for
solana_rbpf
(Rust)
May 22, 2022
Access control bypass in beego
Critical
CVE-2022-31259
was published
for
github.com/beego/beego
(Go)
May 22, 2022
Regular expression denial of service in url_regex
Moderate
CVE-2022-21195
was published
for
url_regex
(pip)
May 21, 2022
Cross site scripting via canonical tag in Contao
High
CVE-2022-24899
was published
for
contao/contao
(Composer)
May 20, 2022
Improper path handling in Kustomization files allows for denial of service
High
CVE-2022-24878
was published
for
github.com/fluxcd/flux2
(Go)
May 20, 2022
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Arbitrary file upload in ShopXO
High
CVE-2021-41938
was published
for
shopxo/shopxo
(Composer)
May 20, 2022
Integer overflow in BCrypt class in Spring Security
Moderate
CVE-2022-22976
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High
CVE-2022-30618
was published
for
@strapi/strapi
(npm)
May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High
CVE-2022-30617
was published
for
@strapi/strapi
(npm)
May 20, 2022
Out of bounds memory access in github.com/open-policy-agent/opa
High
CVE-2022-28946
was published
for
github.com/open-policy-agent/opa
(Go)
May 20, 2022
gopkg.in/yaml.v3 Denial of Service
High
CVE-2022-28948
was published
for
gopkg.in/yaml.v3
(Go)
May 20, 2022
Potential Cross-site Scripting vulnerability in Hydrogen
Moderate
CVE-2022-29230
was published
for
@shopify/hydrogen
(npm)
May 19, 2022
Insecure PRNG use in random_password_generator
High
CVE-2019-25061
was published
for
random_password_generator
(RubyGems)
May 19, 2022
Cross-site Scripting in com.erudika:para-core
Critical
CVE-2022-1782
was published
for
com.erudika:para-core
(Maven)
May 19, 2022
Exposure of Sensitive Information in moodle
Moderate
CVE-2022-30598
was published
for
moodle/moodle
(Composer)
May 19, 2022
Incorrect Calculation in moodle
Critical
CVE-2022-30600
was published
for
moodle/moodle
(Composer)
May 19, 2022
Cross-site Scripting in moodle
Moderate
CVE-2022-30596
was published
for
moodle/moodle
(Composer)
May 19, 2022
External Control of Assumed-Immutable Web Parameter in moodle
Moderate
CVE-2022-30597
was published
for
moodle/moodle
(Composer)
May 19, 2022
SQL injection in moodle
Critical
CVE-2022-30599
was published
for
moodle/moodle
(Composer)
May 19, 2022
ProTip!
Advisories are also available from the
GraphQL API