GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,019 advisories

Path Traversal in XWiki Platform Low
CVE-2022-29253 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 1, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
Regular expression denial of service in apache tika Moderate
CVE-2022-30973 was published for org.apache.tika:tika-core (Maven) Jun 1, 2022
jkmartindale
Path traversal in CureKit High
CVE-2022-23082 was published for io.whitesource:curekit (Maven) Jun 1, 2022
Stored Cross-site Scripting in gitea Moderate
CVE-2022-1928 was published for code.gitea.io/gitea (Go) May 30, 2022
Prototype Pollution in protobufjs High
CVE-2022-25878 was published for protobufjs (npm) May 28, 2022
dotdash steinz
Denial of Service Vulnerability in Rack Multipart Parsing High
CVE-2022-30122 was published for rack (RubyGems) May 27, 2022
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
Cross site scripting in Angular Moderate
CVE-2021-4231 was published for @angular/core (npm) May 27, 2022
TTracz2i
SQL injection in jflyfox jfinal High
CVE-2022-30500 was published for com.jflyfox:jflyfox_jfinal (Maven) May 27, 2022
Arbitrary command execution in Minidoc High
CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) May 27, 2022
Cross-site Scripting in ZKEACMS Moderate
CVE-2022-29362 was published for ZKEACMS.Publisher (NuGet) May 26, 2022
Missing Authorization in Apache Archiva Moderate
CVE-2022-29405 was published for org.apache.archiva:archiva (Maven) May 26, 2022
HashiCorp go-getter unsafe downloads could lead to arbitrary host access High
CVE-2022-30322 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion High
CVE-2022-30323 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
HashiCorp go-getter command injection Critical
CVE-2022-26945 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
sunSUNQ
HashiCorp go-getter unsafe downloads High
CVE-2022-30321 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Path traversal in ginadmin High
CVE-2022-30427 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Malware in ctx Critical
GHSA-4g82-3jcr-q52w was published for ctx (pip) May 25, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload High
CVE-2022-30999 was published for fof/upload (Composer) May 25, 2022
Caesar302
Cross-site Scripting in wiki manager join wiki page High
CVE-2022-29252 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) May 25, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
Possible information disclosure inside TreeGrid component with default data provider Moderate
CVE-2022-29567 was published for com.vaadin:vaadin (Maven) May 25, 2022
SunBK201
ProTip! Advisories are also available from the GraphQL API