GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
1,216
Erlang
19
GitHub Actions
6
Go
788
Maven
3,078
npm
2,806
NuGet
254
pip
1,505
Pub
3
RubyGems
537
Rust
555
Unreviewed advisories
All unreviewed
5,000+
10,702 advisories
Filter by severity
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
High
CVE-2023-22461
was published
for
@mattkrick/sanitize-svg
(npm)
Jan 5, 2023
go-ipld-prime/codec/json may panic if asked to encode bytes
Moderate
CVE-2023-22460
was published
for
github.com/ipld/go-ipld-prime/codec/json
(Go)
Jan 5, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
Low
CVE-2022-45143
was published
for
org.apache.tomcat:tomcat
(Maven)
Jan 3, 2023
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Critical
CVE-2021-32824
was published
for
org.apache.dubbo:dubbo-parent
(Maven)
Jan 3, 2023
httparty has multipart/form-data request tampering vulnerability
Moderate
GHSA-5pq7-52mg-hr42
was published
for
httparty
(RubyGems)
Jan 3, 2023
Apiman has potential permissions bypass
High
CVE-2022-47551
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Jan 3, 2023
string-kit Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2021-4299
was published
for
string-kit
(npm)
Jan 2, 2023
rgb2hex vulnerable to inefficient regular expression complexity
Moderate
CVE-2018-25061
was published
for
rgb2hex
(npm)
Dec 31, 2022
keynote Cross-site Scripting vulnerability
Moderate
CVE-2017-20159
was published
for
keynote
(RubyGems)
Dec 31, 2022
Froxlor Improper Authorization vulnerability
Moderate
CVE-2022-4868
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
usememos/memos vulnerable to Cross-site Scripting
Moderate
CVE-2022-4866
was published
for
github.com/usememos/memos
(Go)
Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability
Moderate
CVE-2022-4865
was published
for
github.com/usememos/memos
(Go)
Dec 31, 2022
Froxlor vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-4867
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Mellium vulnerable to authentication failure or insufficient randomness used during authentication
Moderate
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
Froxlor vulnerable to Argument Injection
Moderate
CVE-2022-4864
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
High
GHSA-q2fj-6h62-59m2
was published
for
io.apiman:apiman-distro-vertx
(Maven)
Dec 30, 2022
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges
High
CVE-2022-4863
was published
for
github.com/usememos/memos
(Go)
Dec 30, 2022
Path Traversal In MeterSpere leads to upload file to any path
High
CVE-2022-46178
was published
for
io.metersphere:metersphere
(Maven)
Dec 30, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Moderate
GHSA-gfgm-chr3-x6px
was published
for
prettytable-rs
(Rust)
Dec 30, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts
Moderate
CVE-2022-46174
was published
for
github.com/kubernetes-sigs/aws-efs-csi-driver
(Go)
Dec 30, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
Elrond-GO processing: fallback search of SCRs when not found in the main cache
High
CVE-2022-46173
was published
for
github.com/ElrondNetwork/elrond-go
(Go)
Dec 30, 2022
Apache Kylin vulnerable to Command injection by Useless configuration
High
CVE-2022-43396
was published
for
org.apache.kylin:kylin
(Maven)
Dec 30, 2022
Apache Kylin vulnerable to Command injection by Diagnosis Controller
High
CVE-2022-44621
was published
for
org.apache.kylin:kylin
(Maven)
Dec 30, 2022
ProTip!
Advisories are also available from the
GraphQL API