Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,326 advisories

Loading
Path traversal in Gitblit High
CVE-2022-31268 was published for com.gitblit:gitblit (Maven) May 22, 2022
Integer overflow in solana_rbpf High
CVE-2022-31264 was published for solana_rbpf (Rust) May 22, 2022
Access control bypass in beego Critical
CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022
Buffer overflow in wasm3 High
CVE-2022-28990 was published for pywasm3 (pip) May 21, 2022
Regular expression denial of service in url_regex Moderate
CVE-2022-21195 was published for url_regex (pip) May 21, 2022
Crash in HeaderParser in dicer High
CVE-2022-24434 was published for dicer (Maven) May 21, 2022
dloetzke
Cross site scripting via canonical tag in Contao High
CVE-2022-24899 was published for contao/contao (Composer) May 20, 2022
Improper path handling in Kustomization files allows for denial of service High
CVE-2022-24878 was published for github.com/fluxcd/flux2 (Go) May 20, 2022
hiddeco
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker moon2263
Arbitrary file upload in ShopXO High
CVE-2021-41938 was published for shopxo/shopxo (Composer) May 20, 2022
Integer overflow in BCrypt class in Spring Security Moderate
CVE-2022-22976 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
SunBK201
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi High
CVE-2022-30618 was published for @strapi/strapi (npm) May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi High
CVE-2022-30617 was published for @strapi/strapi (npm) May 20, 2022
Out of bounds memory access in github.com/open-policy-agent/opa High
CVE-2022-28946 was published for github.com/open-policy-agent/opa (Go) May 20, 2022
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
Potential Cross-site Scripting vulnerability in Hydrogen Moderate
CVE-2022-29230 was published for @shopify/hydrogen (npm) May 19, 2022
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Cross-site Scripting in OctoPrint High
CVE-2022-1430 was published for OctoPrint (pip) May 19, 2022
Cross-site Scripting in OctoPrint High
CVE-2022-1432 was published for OctoPrint (pip) May 19, 2022
Cross-site Scripting in com.erudika:para-core Critical
CVE-2022-1782 was published for com.erudika:para-core (Maven) May 19, 2022
Exposure of Sensitive Information in moodle Moderate
CVE-2022-30598 was published for moodle/moodle (Composer) May 19, 2022
Incorrect Calculation in moodle Critical
CVE-2022-30600 was published for moodle/moodle (Composer) May 19, 2022
Cross-site Scripting in moodle Moderate
CVE-2022-30596 was published for moodle/moodle (Composer) May 19, 2022
External Control of Assumed-Immutable Web Parameter in moodle Moderate
CVE-2022-30597 was published for moodle/moodle (Composer) May 19, 2022
SQL injection in moodle Critical
CVE-2022-30599 was published for moodle/moodle (Composer) May 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database