GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,036 advisories

elrond-go MultiESDTNFTTransfer call on a SC address with missing function name High
CVE-2022-36058 was published for github.com/ElrondNetwork/elrond-go (Go) Sep 1, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability Moderate
CVE-2022-31677 was published for go.pinniped.dev (Go) Sep 1, 2022
Flux CLI Workload Injection High
CVE-2022-36035 was published for github.com/fluxcd/flux2 (Go) Sep 1, 2022
pjbgf
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled Moderate
CVE-2022-36033 was published for org.jsoup:jsoup (Maven) Sep 1, 2022
Apache Geode versions deserialization of untrusted data when using JMX over RMI on Java 11 High
CVE-2022-37022 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data Moderate
CVE-2022-37023 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
Apache Geode vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-37021 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
raboof
Quarkus does not terminate HTTP requests header context Critical
CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) Sep 1, 2022
NVFLARE unsafe deserialization due to Pickle Critical
CVE-2022-34668 was published for nvflare (pip) Aug 31, 2022
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
sjwall
Polynomial regular expression used on uncontrolled data in nitrado.js High
CVE-2022-36034 was published for nitrado.js (npm) Aug 31, 2022
PrestaShop Product Comments Cross-site Scripting vulnerability Moderate
CVE-2022-35933 was published for prestashop/productcomments (Composer) Aug 31, 2022
Denial of service due to incorrect application of event authorization rules High
CVE-2022-31152 was published for matrix-synapse (pip) Aug 31, 2022
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting Moderate
CVE-2022-25646 was published for x-data-spreadsheet (npm) Aug 31, 2022
Uncontrolled Resource Consumption in snakeyaml High
CVE-2022-25857 was published for org.yaml:snakeyaml (Maven) Aug 31, 2022
wonda-tea-coffee
Sanitize-html Vulnerable To REDoS Attacks High
CVE-2022-25887 was published for sanitize-html (npm) Aug 31, 2022
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
tdunlap607
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36746 was published for librenms/librenms (Composer) Aug 31, 2022
emilwareus
Broken Authorization in ZITADEL Actions High
CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) Aug 30, 2022
mezdanak
Captcha Bypass in strapi-plugin-ezforms Moderate
GHSA-8mgq-6r2q-82w9 was published for strapi-plugin-ezforms (npm) Aug 30, 2022
Cross-site scripting from content entered in the tags and multiselect fields High
GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) Aug 30, 2022
Helm Vulnerable to denial of service through string value parsing Moderate
CVE-2022-36055 was published for helm.sh/helm/v3 (Go) Aug 30, 2022
DavidKorczynski AdamKorcz
Unexpected server crash in Next.js Moderate
CVE-2022-36046 was published for next (npm) Aug 30, 2022
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
Command Injection in moment-timezone Low
GHSA-56x4-j7p9-fcf9 was published for moment-timezone (npm) Aug 30, 2022
scovetta