
GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.

22,186 advisories

Calico vulnerable to pod route hijacking (Moderate)
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) on Jun 7, 2022
Credits: joshbressers

Server-Side Request Forgery in Jodd HTTP (High)
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) on Jun 7, 2022

JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable (Critical)
CVE-2022-32511 was published for jmespath (RubyGems) on Jun 7, 2022
Credits: plygrnd, tdunlap607
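What the JMESPath advisory title refers to, shown as an added example that is not code from the jmespath gem or from the advisory itself: Ruby's `JSON.load` entry point honours the `json_class` key (the `create_additions` behaviour), so attacker-controlled input can pick which class gets instantiated and which `json_create` hook runs, whereas `JSON.parse` returns plain Hashes and Arrays. The `Greeter` class and the input document are constructed for illustration; `create_additions: true` is passed to `JSON.load` explicitly so the behaviour does not depend on the json gem version (older versions enabled it implicitly for `JSON.load`, which is the misuse the advisory describes; newer versions warn about it).

```ruby
require "json"

# Added example, not code from the jmespath gem: why JSON.load is unsafe on
# untrusted input and JSON.parse is the right call.
#
# With create_additions in effect, a document containing the key named by
# JSON.create_id ("json_class" by default) makes the parser look that class
# up by name and call its .json_create hook. Every class on the load path
# that defines json_create is then reachable to whoever controls the input.
# JSON.parse never does this unless explicitly asked.

# Hypothetical class with a json_create hook, standing in for whatever
# gadget class happens to be loaded in the target process.
class Greeter
  attr_reader :name

  def initialize(name)
    @name = name
  end

  # Invoked by the json gem for {"json_class":"Greeter", ...} documents when
  # create_additions is enabled.
  def self.json_create(obj)
    new(obj["name"])
  end
end

# Constructed attacker-controlled input: the attacker chooses the class name.
UNTRUSTED = '{"json_class":"Greeter","name":"mallory"}'.freeze

# Unsafe path. create_additions is passed explicitly so the result is the
# same on every json gem version; historically JSON.load turned it on by
# default, which is exactly the trap the advisory describes.
def load_unsafe(src)
  JSON.load(src, nil, create_additions: true)
end

# Safe path: a plain Hash regardless of which keys the document contains.
def parse_safe(src)
  JSON.parse(src)
end

if __FILE__ == $PROGRAM_NAME
  p load_unsafe(UNTRUSTED)   # #<Greeter @name="mallory"> -- attacker picked the class
  p parse_safe(UNTRUSTED)    # {"json_class"=>"Greeter", "name"=>"mallory"}
end
```

The practical check: grep a codebase for `JSON.load` and `JSON.unsafe_load` on anything that crosses a trust boundary (request bodies, webhook payloads, files from other tenants) and replace them with `JSON.parse`; `JSON.load` is only appropriate for data the process itself serialised and still controls.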
containerd CRI plugin: host memory exhaustion through ExecSync (Moderate)
CVE-2022-31030 was published for github.com/containerd/containerd (Go) on Jun 6, 2022
Credits: DavidKorczynski, AdamKorcz

Node DoS by way of memory exhaustion through ExecSync request in CRI-O (High)
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) on Jun 6, 2022
Credits: DavidKorczynski, AdamKorcz

Failed payment recorded as completed in Silverstripe Omnipay (Low)
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) on Jun 6, 2022

Path Traversal in django-s3file (Critical)
CVE-2022-24840 was published for django-s3file (pip) on Jun 6, 2022
Credits: tunecrew, syphar, herrbenesch, codingjoe

Multiple evaluation of contract address in call in vyper (High)
CVE-2022-29255 was published for vyper (pip) on Jun 6, 2022

TiDB authentication bypass vulnerability (High)
CVE-2022-31011 was published for github.com/pingcap/tidb (Go) on Jun 6, 2022

Use of Uninitialized Variable in trilogy (Moderate)
CVE-2022-31026 was published for trilogy (RubyGems) on Jun 6, 2022

Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator (Moderate)
CVE-2022-31027 was published for oauthenticator (pip) on Jun 6, 2022
Credits: GeorgianaElena, yuvipanda

Cross-site Scripting in FacturaScripts (Moderate)
CVE-2022-1988 was published for facturascripts/facturascripts (Composer) on Jun 4, 2022

Access control issue in AlekSIS-Core (Moderate)
CVE-2022-29773 was published for aleksis-core (pip) on Jun 4, 2022

Cross-site scripting in XXL-job (Moderate)
CVE-2022-29770 was published for com.xuxueli:xxl-job (Maven) on Jun 4, 2022

Unsanitized JavaScript code injection possible in gatsby-plugin-mdx (High)
CVE-2022-25863 was published for gatsby-plugin-mdx (npm) on Jun 3, 2022

Dev error stack trace leaking into prod in Play Framework (Moderate)
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) on Jun 3, 2022
Credits: BillyAutrey, gmethvin, dontgitit

Denial of service binding form from JSON in Play Framework (High)
CVE-2022-31018 was published for com.typesafe.play:play_2.12 (Maven) on Jun 3, 2022
Credits: beny23, gmethvin, BillyAutrey

Missing Role Based Access Control for the REST handlers in bleve/http package (Moderate)
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) on Jun 3, 2022

Server-Side Request Forgery in gogs webhook (High)
CVE-2022-1285 was published for gogs.io/gogs (Go) on Jun 3, 2022
Credits: am0o0

Denial of service in bottle (Critical)
CVE-2022-31799 was published for bottle (pip) on Jun 3, 2022

Cross-site scripting in SSCMS (Moderate)
CVE-2022-30349 was published for SSCMS (NuGet) on Jun 3, 2022

Code injection in MCMS (Critical)
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) on Jun 3, 2022

Privilege escalation in HashiCorp Nomad (Critical)
CVE-2022-30324 was published for github.com/hashicorp/nomad (Go) on Jun 3, 2022

Flower OAuth authentication bypass (High)
CVE-2022-30034 was published for flower (pip) on Jun 3, 2022
Credits: tprynn

Cross-site scripting in librenms (Moderate)
CVE-2022-29711 was published for librenms/librenms (Composer) on Jun 3, 2022