Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,713 advisories

Loading
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped Moderate
CVE-2020-28455 was published for markdown-it-toc (npm) Jul 26, 2022
node-import `params` argument can be controlled by users without any sanitization Critical
CVE-2020-7678 was published for node-import (npm) Jul 26, 2022
ntesseract vulnerable to Command Injection Critical
CVE-2020-28446 was published for ntesseract (npm) Jul 26, 2022
otp-generator before v3.0.0 insecurely generates random one-time passwords Critical
CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022
@ianwalter/merge Prototype Pollution via `merge` function Moderate
CVE-2021-23397 was published for @ianwalter/merge (npm) Jul 26, 2022
RDIL
Moodle LTI module reflected XSS risk Moderate
CVE-2022-35653 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle Arbitrary file read when importing lesson questions High
CVE-2022-35650 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle Open redirect risk in mobile auto-login feature Moderate
CVE-2022-35652 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle PostScript Code Injection Critical
CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle Stored XSS and blind SSRF possible via SCORM track details Moderate
CVE-2022-35651 was published for moodle/moodle (Composer) Jul 26, 2022
Joplin is vulnerable to arbitrary code execution Critical
CVE-2022-35131 was published for joplin (npm) Jul 26, 2022
Mistune vulnerable to catastrophic backtracking High
CVE-2022-34749 was published for mistune (pip) Jul 26, 2022
keysmashes
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption High
CVE-2022-24294 was published for mxnet (pip) Jul 25, 2022
raboof
Django REST framework XSS Vulnerability Moderate
CVE-2018-25045 was published for django-rest-framework (pip) Jul 24, 2022
Microweber Stored Cross-site Scripting before v1.2.20 Moderate
CVE-2022-2495 was published for microweber/microweber (Composer) Jul 23, 2022
Serubin
Microweber before 1.2.21 vulnerable to reflected XSS Moderate
CVE-2022-2470 was published for microweber/microweber (Composer) Jul 23, 2022
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service High
CVE-2022-34037 was published for github.com/caddyserver/caddy (Go) Jul 23, 2022 withdrawn
convert-svg-core vulnerable to remote code injection Critical
CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
SQL Injection found in Dataease High
CVE-2022-34114 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin Critical
CVE-2022-34113 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Dataease v1.11.1 SQL Injection via parameter dataSourceId Critical
CVE-2022-34115 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin Moderate
CVE-2022-34112 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
file-type vulnerable to Infinite Loop via malformed MKV file High
CVE-2022-36313 was published for file-type (npm) Jul 22, 2022
kiskoza ItalyPaleAle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database