GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,104 advisories

libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Echo vulnerable to directory traversal Moderate
CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) Dec 7, 2022
PaddlePaddle Out-of-bounds Read vulnerability Critical
CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for paddlepaddle (pip) Dec 7, 2022
mattberry3
baserCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2022-41994 was published for baserproject/basercms (Composer) Dec 7, 2022
baserCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2022-42486 was published for baserproject/basercms (Composer) Dec 7, 2022
Casdoor arbitrary file deletion vulnerability via uploadFile function High
CVE-2022-44942 was published for github.com/casdoor/casdoor (Go) Dec 7, 2022
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed High
CVE-2022-4147 was published for io.quarkus:quarkus-vertx-http (Maven) Dec 6, 2022
py7zr directory traversal vulnerability Critical
CVE-2022-44900 was published for py7zr (pip) Dec 6, 2022
DSInternals Credential Roaming Elevation of Privilege Vulnerability Moderate
GHSA-vx2x-9cff-fhjw was published for DSInternals.Common (NuGet) Dec 6, 2022
Passeo uses insecure random number generator High
CVE-2022-23472 was published for Passeo (pip) Dec 6, 2022
Bluenix2 ArjunSharda
Thinkphp has a code logic error High
CVE-2022-44289 was published for topthink/framework (Composer) Dec 6, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation Critical
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol High
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
Concrete CMS vulnerable to cross-site scripting in the text input field Moderate
CVE-2022-43556 was published for concrete5/concrete5 (Composer) Dec 6, 2022
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace High
CVE-2022-46167 was published for github.com/clastix/capsule (Go) Dec 5, 2022
MaxFedotov whatev3n
NodeBB vulnerable to account takeover via prototype vulnerability Critical
CVE-2022-46164 was published for nodebb (npm) Dec 5, 2022
stephenbradshaw
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust) Dec 5, 2022
tdunlap607
Prometheus vulnerable to basic authentication bypass High
GHSA-4v48-4q5m-8vx4 was published for github.com/prometheus/prometheus (Go) Dec 5, 2022
chunklhit
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference High
CVE-2022-41957 was published for hummus (npm) Dec 5, 2022
ProTip! Advisories are also available from the GraphQL API