Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,702 advisories

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS) High
CVE-2023-22461 was published for @mattkrick/sanitize-svg (npm) Jan 5, 2023
lauritzh
go-ipld-prime/codec/json may panic if asked to encode bytes Moderate
CVE-2023-22460 was published for github.com/ipld/go-ipld-prime/codec/json (Go) Jan 5, 2023
hacdias
Apache Tomcat improperly escapes input from JsonErrorReportValve Low
CVE-2022-45143 was published for org.apache.tomcat:tomcat (Maven) Jan 3, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler Critical
CVE-2021-32824 was published for org.apache.dubbo:dubbo-parent (Maven) Jan 3, 2023
httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-5pq7-52mg-hr42 was published for httparty (RubyGems) Jan 3, 2023
motoyasu-saburi
Apiman has potential permissions bypass High
CVE-2022-47551 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Jan 3, 2023
string-kit Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2021-4299 was published for string-kit (npm) Jan 2, 2023
rgb2hex vulnerable to inefficient regular expression complexity Moderate
CVE-2018-25061 was published for rgb2hex (npm) Dec 31, 2022
keynote Cross-site Scripting vulnerability Moderate
CVE-2017-20159 was published for keynote (RubyGems) Dec 31, 2022
Froxlor Improper Authorization vulnerability Moderate
CVE-2022-4868 was published for froxlor/froxlor (Composer) Dec 31, 2022
usememos/memos vulnerable to Cross-site Scripting Moderate
CVE-2022-4866 was published for github.com/usememos/memos (Go) Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability Moderate
CVE-2022-4865 was published for github.com/usememos/memos (Go) Dec 31, 2022
Froxlor vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-4867 was published for froxlor/froxlor (Composer) Dec 31, 2022
Mellium vulnerable to authentication failure or insufficient randomness used during authentication Moderate
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue High
GHSA-q2fj-6h62-59m2 was published for io.apiman:apiman-distro-vertx (Maven) Dec 30, 2022
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges High
CVE-2022-4863 was published for github.com/usememos/memos (Go) Dec 30, 2022
Path Traversal In MeterSpere leads to upload file to any path High
CVE-2022-46178 was published for io.metersphere:metersphere (Maven) Dec 30, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior Moderate
GHSA-gfgm-chr3-x6px was published for prettytable-rs (Rust) Dec 30, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts Moderate
CVE-2022-46174 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Dec 30, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect Moderate
GHSA-5wvv-q5fv-2388 was published for hyper-staticfile (Rust) Dec 30, 2022
Elrond-GO processing: fallback search of SCRs when not found in the main cache High
CVE-2022-46173 was published for github.com/ElrondNetwork/elrond-go (Go) Dec 30, 2022
Apache Kylin vulnerable to Command injection by Useless configuration High
CVE-2022-43396 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
Apache Kylin vulnerable to Command injection by Diagnosis Controller High
CVE-2022-44621 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
ProTip! Advisories are also available from the GraphQL API