
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

22,719 advisories

npos-tesseract Command Injection vulnerability Critical
CVE-2020-28453 was published for npos-tesseract (npm) Aug 3, 2022
get-npm-package-version Command Injection vulnerability Critical
CVE-2020-7795 was published for get-npm-package-version (npm) Aug 3, 2022
monorepo-build Command Injection vulnerability Critical
CVE-2020-28423 was published for monorepo-build (npm) Aug 3, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical
CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022
Credited: aried3r, feross
node-fetch Inefficient Regular Expression Complexity Moderate
CVE-2022-2596 was published for node-fetch (npm) Aug 2, 2022
Credited: vovikhangcdv
Fava vulnerable to reflected cross-site scripting Moderate
CVE-2022-2589 was published for fava (pip) Aug 2, 2022
graphql-go has infinite recursion in the type definition parser High
CVE-2022-37315 was published for github.com/graphql-go/graphql (Go) Aug 2, 2022
Atlantis Events vulnerable to Timing Attack High
CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) Jul 30, 2022
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch High
CVE-2022-2576 was published for org.eclipse.californium:californium-core (Maven) Jul 30, 2022
Credited: tdunlap607
chia-blockchain tokens can be inflated to an arbitrary extent High
CVE-2022-36447 was published for chia-blockchain (pip) Jul 30, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
Credited: MdotTIM, c0mp1eks, nullswan
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another Moderate
GHSA-9x8m-2xpf-crp3 was published for scrapy (pip) Jul 29, 2022
mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack High
GHSA-c8rp-cgf4-937w was published for mezzio/mezzio-swoole (Composer) Jul 29, 2022
fs2-io skips mTLS client verification Critical
CVE-2022-31183 was published for co.fs2:fs2-io (Maven) Jul 29, 2022
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
Credited: nullswan, MdotTIM, c0mp1eks
check-spelling workflow vulnerable to token leakage via symlink attack Critical
CVE-2021-32724 was published for check-spelling/check-spelling (GitHub Actions) Jul 29, 2022
Credited: justinsteven
Feehi CMS Cross-site Scripting Moderate
CVE-2022-34140 was published for feehi/cms (Composer) Jul 29, 2022
Apache Calcite Avatica JDBC driver arbitrary code execution High
CVE-2022-36364 was published for org.apache.calcite.avatica:avatica-core (Maven) Jul 29, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
Credited: vovikhangcdv, neeraj-vts
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
Feehi CMS arbitrary code execution via crafted PHP file High
CVE-2022-34971 was published for feehi/cms (Composer) Jul 28, 2022
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint Moderate
CVE-2022-36886 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) Jul 28, 2022
Advisories are also available from the GitHub GraphQL API.
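The GraphQL API can be queried for a package's advisories, and the version ranges it returns can be checked against an installed version, which is the question most practitioners actually have when reading a listing like the one above. The following is an added example, not code from this page or from GitHub. It assumes the field names in GitHub's public GraphQL schema (`securityVulnerabilities`, `vulnerableVersionRange`, `firstPatchedVersion`, `advisory.ghsaId`, `advisory.identifiers`), and it embeds a constructed sample response so it runs offline; that sample is modelled on the next-auth entry above ("before 4.10.3 and 3.29.10"), but its GHSA id and exact ranges are placeholders, not the real advisory's data.

```python
"""Check a dependency version against GitHub Advisory Database data.

Added example, not code from the advisory page or from GitHub. QUERY uses
field names from GitHub's public GraphQL schema; SAMPLE_RESPONSE is
constructed for offline use (placeholder GHSA id and ranges, modelled on
the next-auth entry: "before 4.10.3 and 3.29.10").
"""
import json
import os
import re
import urllib.request

GRAPHQL_ENDPOINT = "https://api.github.com/graphql"

QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $package: String!) {
  securityVulnerabilities(ecosystem: $ecosystem, package: $package, first: 100) {
    nodes {
      severity
      vulnerableVersionRange
      firstPatchedVersion { identifier }
      advisory { ghsaId summary publishedAt identifiers { type value } }
    }
  }
}
"""


def fetch_vulnerabilities(ecosystem, package, token):
    """Live lookup; the GraphQL API requires a token even for public data."""
    body = json.dumps({"query": QUERY, "variables": {
        "ecosystem": ecosystem, "package": package}}).encode()
    req = urllib.request.Request(GRAPHQL_ENDPOINT, data=body, headers={
        "Authorization": f"bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


_NUM_RE = re.compile(r"\d+")
_CLAUSE_RE = re.compile(r"^(>=|<=|>|<|=)\s*(\S+)$")


def parse_version(text):
    """Dotted version -> comparable tuple. Numbers are padded to four parts so
    4.10 == 4.10.0; a pre-release suffix (4.10.3-beta.1) sorts below the
    release it precedes, so it still falls inside '< 4.10.3'."""
    core, _, pre = text.strip().lstrip("v").partition("-")
    nums = tuple(int(n) for n in _NUM_RE.findall(core))[:4]
    nums += (0,) * (4 - len(nums))
    return nums + ((1, "") if not pre else (0, pre))


def version_in_range(version, range_expr):
    """GitHub publishes ranges as comma-separated comparator clauses that must
    all hold, e.g. '>= 4.0.0, < 4.10.3', '< 3.29.10' or '= 1.2.3'."""
    ver = parse_version(version)
    for clause in range_expr.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unparseable range clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        holds = {">=": ver >= bound, "<=": ver <= bound, ">": ver > bound,
                 "<": ver < bound, "=": ver == bound}[op]
        if not holds:
            return False
    return True


def affected_advisories(response, installed_version):
    """Advisories in a securityVulnerabilities response whose range contains
    installed_version, with CVE ids and first patched version extracted."""
    hits = []
    for node in response["data"]["securityVulnerabilities"]["nodes"]:
        if not version_in_range(installed_version, node["vulnerableVersionRange"]):
            continue
        adv, patched = node["advisory"], node["firstPatchedVersion"]
        hits.append({
            "ghsa": adv["ghsaId"],
            "cves": [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"],
            "severity": node["severity"],
            "range": node["vulnerableVersionRange"],
            "patched": patched["identifier"] if patched else None,
        })
    return hits


def _node(range_expr, patched):
    # Constructed node in the API's shape; GHSA id and ranges are placeholders.
    return {"severity": "CRITICAL", "vulnerableVersionRange": range_expr,
            "firstPatchedVersion": {"identifier": patched},
            "advisory": {"ghsaId": "GHSA-0000-0000-0000", "identifiers": [
                {"type": "GHSA", "value": "GHSA-0000-0000-0000"},
                {"type": "CVE", "value": "CVE-2022-35924"}]}}


SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {"nodes": [
    _node(">= 4.0.0, < 4.10.3", "4.10.3"),
    _node(">= 3.0.0, < 3.29.10", "3.29.10"),
]}}}


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # unset -> use the offline sample
    response = fetch_vulnerabilities("NPM", "next-auth", token) if token else SAMPLE_RESPONSE
    for hit in affected_advisories(response, "4.9.0"):
        print(hit)
```

The pre-release handling is the part that matters in practice: a lockfile pinned to `4.10.3-beta.1` is still inside `< 4.10.3`, and a naive string or float comparison gets that wrong. `SecurityAdvisoryEcosystem` values match the ecosystem labels in the listing above (`NPM`, `PIP`, `MAVEN`, `COMPOSER`, `GO`, `RUST`, `ACTIONS`).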