Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,818
Erlang
23
GitHub Actions
38
Go
2,203
Maven
2,576
npm
2,819
NuGet
487
pip
2,656
Pub
5
RubyGems
328
Rust
877
Swift
19
Unreviewed advisories
All unreviewed
5,000+

149,730 advisories

Loading
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ... Moderate Unreviewed
CVE-2020-0905 was published May 24, 2022
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to... Moderate Unreviewed
CVE-2021-37352 was published May 24, 2022
Ghost vulnerable to remote code execution in locale setting change Moderate
GHSA-7v28-g2pq-ggg8 was published for ghost (npm) Jun 17, 2022
devx00 Credited to devx00
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
nullswan Credited to nullswan, MdotTIM, and c0mp1eks MdotTIM MdotTIM
c0mp1eks c0mp1eks
matrix-sdk 0.6.0 logs access tokens Moderate
GHSA-fc4h-xcf3-qj5f was published for matrix-sdk (Rust) Oct 25, 2022
jwcrypto token substitution can lead to authentication bypass Moderate
CVE-2022-3102 was published for jwcrypto (pip) Sep 21, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience Credited to sxjscience
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service Moderate
GHSA-4qw4-jpp4-8gvp was published for commonmarker (RubyGems) Sep 21, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken Moderate
GHSA-hrjv-pf36-jpmr was published for oqs (Rust) Aug 18, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles Moderate
CVE-2022-2256 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz Credited to adenkiewicz
PocketMine-MP invalid skin geometry JSON data leading to server crash High
GHSA-8cwq-4cmf-px73 was published for pocketmine/pocketmine-mp (Composer) Aug 18, 2022
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Vulnerable OpenSSL included in cryptography wheels Moderate
GHSA-39hc-v87j-747x was published for cryptography (pip) Nov 2, 2022
Batched HTTP requests may set incorrect `cache-control` response header Moderate
GHSA-8r69-3cvp-wxc3 was published for @apollo/server (npm) Nov 2, 2022
ckb: Transaction header_deps validation issue (network forking) Critical
GHSA-7fw6-6mfj-g3q2 was published for ckb (Rust) Nov 2, 2022
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low. Moderate
GHSA-9mfc-chwf-7whf was published for ckb (Rust) Nov 2, 2022
ckb type_id script resume may randomly fail High
GHSA-mcmr-49x3-4jqm was published for ckb (Rust) Nov 2, 2022
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Generated code can read and write out of bounds in safe code Critical
GHSA-3jch-9qgp-4844 was published for flatbuffers (Rust) Jun 16, 2022
Double free in endian_trait High
CVE-2021-29929 was published for endian_trait (Rust) Aug 25, 2021
Use after free in rio Critical
CVE-2020-35876 was published for rio (Rust) Aug 25, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database