GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,242 advisories

- Cross-site Scripting in FacturaScripts (Moderate). CVE-2022-2016, published for facturascripts/facturascripts (Composer), Jun 10, 2022.
- Cross site scripting in francoisjacquet/rosariosis (Moderate). CVE-2022-2036, published for francoisjacquet/rosariosis (Composer), Jun 10, 2022.
- Exposure of Sensitive Information to an Unauthorized Actor in semantic-release (Moderate). CVE-2022-31051, published for semantic-release (npm), Jun 9, 2022. Credited: dmosen.
- OS Command Injection in cookiecutter (Critical). CVE-2022-24065, published for cookiecutter (pip), Jun 9, 2022.
- Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect (Moderate). CVE-2022-31033, published for mechanize (RubyGems), Jun 9, 2022.
- Failure to strip the Cookie header on change in host or HTTP downgrade (High). CVE-2022-31042, published for guzzlehttp/guzzle (Composer), Jun 9, 2022. Credited: GrahamCampbell, am0o0.
- Fix failure to strip Authorization header on HTTP downgrade (High). CVE-2022-31043, published for guzzlehttp/guzzle (Composer), Jun 9, 2022. Credited: GrahamCampbell.
- Code Injection in metacalc (Critical). CVE-2022-21122, published for metacalc (npm), Jun 9, 2022.
- Cross-site Scripting in RosarioSIS (Moderate). CVE-2022-1997, published for francoisjacquet/rosariosis (Composer), Jun 9, 2022.
- Authorization Bypass Through User-Controlled Key in go-restful (Critical). CVE-2022-1996, published for github.com/emicklei/go-restful (Go), Jun 9, 2022. Credited: hiddeco.
- Cross-site Scripting in Dolibarr (Moderate). CVE-2022-30875, published for dolibarr/dolibarr (Composer), Jun 9, 2022.
- Backdoor in api-res-py (Critical). CVE-2022-31313, published for api-res-py (pip), Jun 9, 2022.
- Path Traversal in Git HTTP endpoints in Gogs (High). CVE-2022-1993, published for gogs.io/gogs (Go), Jun 8, 2022. Credited: Sim4n6.
- OS Command Injection in file editor in Gogs (Critical). CVE-2022-1986, published for gogs.io/gogs (Go), Jun 8, 2022. Credited: 1135.
- `MsQueue` `push`/`pop` use the wrong orderings (Moderate). GHSA-rwf4-gx62-rqfw, published for crossbeam (Rust), Jun 8, 2022.
- Cross-site Scripting vulnerability in repository issue list in Gogs (Moderate). CVE-2022-31038, published for gogs.io/gogs (Go), Jun 8, 2022. Credited: wuhan005.
- Path Traversal in file editor on Windows in Gogs (Critical). CVE-2022-1992, published for gogs.io/gogs (Go), Jun 8, 2022. Credited: 1135.
- Unserialized Pop Chain in Laravel (Critical). CVE-2022-31279, published for laravel/laravel (Composer), Jun 8, 2022 (withdrawn). Credited: mir-hossein.
- Cross-Site Request Forgery in easyii CMS (Moderate). CVE-2020-36534, published for noumo/easyii (Composer), Jun 8, 2022.
- Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP (High). GHSA-fqx3-r75h-vc89, published for pocketmine/pocketmine-mp (Composer), Jun 7, 2022.
- Improper Check for Unusual or Exceptional Conditions in Elasticsearch (High). CVE-2022-23712, published for org.elasticsearch:elasticsearch (Maven), Jun 7, 2022.
- Calico vulnerable to pod route hijacking (Moderate). CVE-2022-28224, published for github.com/projectcalico/calico (Go), Jun 7, 2022. Credited: joshbressers.
- Server-Side Request Forgery in Jodd HTTP (High). CVE-2022-29631, published for org.jodd:jodd-http (Maven), Jun 7, 2022.
- JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable (Critical). CVE-2022-32511, published for jmespath (RubyGems), Jun 7, 2022. Credited: plygrnd, tdunlap607.
- containerd CRI plugin: Host memory exhaustion through ExecSync (Moderate). CVE-2022-31030, published for github.com/containerd/containerd (Go), Jun 6, 2022. Credited: DavidKorczynski, AdamKorcz.