GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,746
Erlang: 35
GitHub Actions: 29
Go: 2,319
Maven: 5,000+
npm: 3,955
NuGet: 712
pip: 3,736
Pub: 12
RubyGems: 920
Rust: 972
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
25,803 advisories
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
Critical, Unreviewed. CVE-2022-44806 was published Nov 22, 2022

OS Command Injection in Apache Airflow
Critical. CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022

OS Command Injection in Apache Airflow
Critical. CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022

Fusiondirectory 1.3 suffers from Improper Session Handling.
Critical, Unreviewed. CVE-2022-36179 was published Nov 22, 2022

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery ...
Critical, Unreviewed. CVE-2022-40842 was published Nov 22, 2022

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php...
Critical, Unreviewed. CVE-2022-36180 was published Nov 22, 2022

In libarchive 3.6.1, the software does not check for an error after calling calloc function that...
Critical, Unreviewed. CVE-2022-36227 was published Nov 22, 2022

A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote...
Critical, Unreviewed. CVE-2022-40602 was published Nov 22, 2022

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical, Unreviewed. CVE-2022-43214 was published Nov 22, 2022

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical, Unreviewed. CVE-2022-43215 was published Nov 22, 2022

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated...
Critical, Unreviewed. CVE-2022-41326 was published Nov 22, 2022

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of...
Critical, Unreviewed. CVE-2022-30257 was published Nov 22, 2022

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of...
Critical, Unreviewed. CVE-2022-30258 was published Nov 22, 2022

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to...
Critical, Unreviewed. CVE-2022-44785 was published Nov 22, 2022

Cross site scripting vulnerability with discussion titles
Critical. CVE-2022-41938 was published for flarum/core (Composer) Nov 21, 2022

Missing Authorization in Filter Stream Converter Application of XWiki-platform
Critical. CVE-2022-41937 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) Nov 21, 2022

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical. CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
Critical. CVE-2022-41931 was published for org.xwiki.platform:xwiki-platform-icon-ui (Maven) Nov 21, 2022

Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
Critical. CVE-2022-41930 was published for org.xwiki.platform:xwiki-platform-user-profile-ui (Maven) Nov 21, 2022

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Critical. CVE-2022-41928 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Nov 21, 2022

Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical. CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute...
Critical, Unreviewed. CVE-2022-43143 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.
Critical, Unreviewed. CVE-2022-44180 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
Critical, Unreviewed. CVE-2022-44183 was published Nov 21, 2022

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB.
Critical, Unreviewed. CVE-2022-44178 was published Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API.