GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
22,934 advisories
Drupal core arbitrary PHP code execution
High | CVE-2022-25277 was published for drupal/core (Composer) | Aug 6, 2022
Streamlit directory traversal vulnerability
Moderate | CVE-2022-35918 was published for streamlit (pip) | Aug 6, 2022
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
High | CVE-2022-31197 was published for org.postgresql:postgresql (Maven) | Aug 6, 2022
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
High | CVE-2022-31195 was published for org.dspace:dspace-api (Maven) | Aug 6, 2022
JSPUI vulnerable to path traversal in submission (resumable) upload
High | CVE-2022-31194 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
High | CVE-2022-31193 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
High | CVE-2022-31192 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022
JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
High | CVE-2022-31191 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022
XMLUI's metadata of withdrawn Items is exposed to anonymous users
Moderate | CVE-2022-31190 was published for org.dspace:dspace-xmlui (Maven) | Aug 6, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Moderate | CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022
Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Moderate | CVE-2022-35917 was published for @solana/pay (npm) | Aug 6, 2022
Drupal core Information Disclosure vulnerability
High | CVE-2022-25275 was published for drupal/core (Composer) | Aug 6, 2022
untangle vulnerable to XML Entity Expansion
High | CVE-2022-33977 was published for untangle (pip) | Aug 6, 2022
untangle vulnerable to Improper Restriction of XML External Entity Reference
High | CVE-2022-31471 was published for untangle (pip) | Aug 6, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low | CVE-2022-31186 was published for next-auth (npm) | Aug 6, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
High | CVE-2022-35920 was published for sanic (pip) | Aug 6, 2022
Byobu user preference to prevent private discussions being started are not respected
Low | CVE-2022-35921 was published for fof/byobu (Composer) | Aug 6, 2022
Rust-WebSocket memory allocation based on untrusted length
High | CVE-2022-35922 was published for websocket (Rust) | Aug 6, 2022
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
Critical | CVE-2022-21186 was published for @acrontum/filesystem-template (npm) | Aug 6, 2022
administrate vulnerable to Cross-Site Request Forgery
Moderate | CVE-2016-3098 was published for administrate (RubyGems) | Aug 6, 2022
Moodle XSS Vulnerability
Moderate | CVE-2020-1691 was published for moodle/moodle (Composer) | Aug 6, 2022
Undertow vulnerable to Dos via Large AJP request
High | CVE-2022-2053 was published for io.undertow:undertow-core (Maven) | Aug 6, 2022
Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
High | GHSA-q2gp-gph3-88x9 was published for org.keycloak:keycloak-saml-core (Maven) | Aug 6, 2022 | withdrawn
Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks
Moderate | CVE-2022-37450 was published for github.com/ethereum/go-ethereum (Go) | Aug 6, 2022
Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
Moderate | CVE-2022-27166 was published for org.apache.jspwiki:jspwiki-main (Maven) | Aug 5, 2022