Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

24,104 advisories

Loading
FeehiCMS vulnerable to Cross Site Scripting Moderate
CVE-2020-20589 was published for feehi/feehicms (Composer) Dec 15, 2022
FeehiCMS Cross Site Scripting vulnerability Moderate
CVE-2020-36607 was published for feehi/feehicms (Composer) Dec 15, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
easywebpack-cli Path Traversal vulnerability Moderate
CVE-2020-24855 was published for @easy-team/easywebpack-cli (npm) Dec 15, 2022
replicator vulnerable to Deserialization of Untrusted Data Critical
CVE-2021-33420 was published for replicator (npm) Dec 15, 2022
collective.task Cross-site Scripting vulnerability Moderate
CVE-2022-4527 was published for collective.task (pip) Dec 15, 2022
django-photologue vulnerable to Cross-site Scripting Moderate
CVE-2022-4526 was published for django-photologue (pip) Dec 15, 2022
Roots Soil plugin vulnerable to Cross-site Scripting Moderate
CVE-2022-4524 was published for roots/soil (Composer) Dec 15, 2022
WSO2 carbon-registry vulnerable to Cross-site Scripting Moderate
CVE-2022-4521 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 15, 2022
WSO2 carbon-registry Cross-site Scripting vulnerability Moderate
CVE-2022-4520 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 15, 2022
.NET Remote Code Execution Vulnerability High
CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Dec 14, 2022
tdunlap607
Helm vulnerable to denial of service through schema file Moderate
CVE-2022-23526 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
Helm vulnerable to denial of service through through repository index file Moderate
CVE-2022-23525 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
AdamKorcz DavidKorczynski
Helm vulnerable to denial of service through string value parsing Moderate
CVE-2022-23524 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
TYPO3 vulnerable to Insufficient Session Expiration Critical
CVE-2022-47406 was published for derhansen/fe_change_pwd (Composer) Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
MarkLee131
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
collective.dms.basecontent Cross-site Scripting vulnerability Moderate
CVE-2022-4495 was published for collective.dms.basecontent (pip) Dec 14, 2022
SCIFIO vulnerable to Path Traversal Critical
CVE-2022-4493 was published for io.scif:scifio (Maven) Dec 14, 2022
Apache Atlas: zip path traversal in import functionality High
CVE-2022-34271 was published for org.apache.atlas:apache-atlas (Maven) Dec 14, 2022
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database