GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories for open source software.

22,251 advisories

Directory traversal in convert-svg-core High
CVE-2022-24278 was published for convert-svg-core (npm) Jun 11, 2022
Infinite loop in jpeg-js High
CVE-2022-25851 was published for jpeg-js (npm) Jun 11, 2022
Unhandled crash in npm posix High
CVE-2022-21211 was published for posix (npm) Jun 11, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Unsafe deserialization in com.alibaba:fastjson High
CVE-2022-25845 was published for com.alibaba:fastjson (Maven) Jun 11, 2022
Ill-formed headers may lead to unexpected behavior in Istio Moderate
CVE-2022-31045 was published for istio.io/istio (Go) Jun 10, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Server-Side Request Forgery in kityminder Critical
CVE-2022-31830 was published for kityminder (npm) Jun 10, 2022
Cross-site Scripting in FacturaScripts Moderate
CVE-2022-2016 was published for facturascripts/facturascripts (Composer) Jun 10, 2022
Cross site scripting in francoisjacquet/rosariosis Moderate
CVE-2022-2036 was published for francoisjacquet/rosariosis (Composer) Jun 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release Moderate
CVE-2022-31051 was published for semantic-release (npm) Jun 9, 2022
OS Command Injection in cookiecutter Critical
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect Moderate
CVE-2022-31033 was published for mechanize (RubyGems) Jun 9, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
Code Injection in metacalc Critical
CVE-2022-21122 was published for metacalc (npm) Jun 9, 2022
Cross-site Scripting in RosarioSIS Moderate
CVE-2022-1997 was published for francoisjacquet/rosariosis (Composer) Jun 9, 2022
Authorization Bypass Through User-Controlled Key in go-restful Critical
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go) Jun 9, 2022
Cross-site Scripting in Dolibarr Moderate
CVE-2022-30875 was published for dolibarr/dolibarr (Composer) Jun 9, 2022
Backdoor in api-res-py Critical
CVE-2022-31313 was published for api-res-py (pip) Jun 9, 2022
Path Traversal in Git HTTP endpoints in Gogs High
CVE-2022-1993 was published for gogs.io/gogs (Go) Jun 8, 2022
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
`MsQueue` `push`/`pop` use the wrong orderings Moderate
GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) Jun 8, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs Moderate
CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022
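Three of the advisories above (CVE-2022-31033 for mechanize, CVE-2022-31042 and CVE-2022-31043 for guzzle) describe the same class of bug: an HTTP client that keeps replaying Authorization or Cookie headers after a redirect moves the request to a different host, port or scheme. The following is an added example, not code from guzzle, mechanize or GitHub, of the policy a client needs: treat scheme, host and effective port as the origin, and drop credential-bearing headers whenever a redirect leaves that origin. The redirect chain and header values are constructed for the example; `crosses_trust_boundary`, `headers_for_hop`, `follow` and `leaked_hops` are names chosen here.

```python
"""Credential stripping across redirects (added example, not a library's code).

Only the standard library is used. CHAIN is a constructed in-memory stand-in
for a server that answers each URL with a Location header.
"""
from urllib.parse import urlsplit

# Headers that carry credentials and must not follow a cross-origin redirect.
SENSITIVE = frozenset({"authorization", "cookie"})


def _origin(url):
    """Return (scheme, host, effective port) so that :443 and no port compare equal."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port if p.port is not None else (443 if scheme == "https" else 80)
    return scheme, (p.hostname or "").lower(), port


def crosses_trust_boundary(src, dst):
    """True when the redirect target is a different origin than the request.

    This subsumes the three cases named in the advisories: a host change,
    an https->http downgrade, and a port change (the mechanize case).
    """
    return _origin(src) != _origin(dst)


def headers_for_hop(headers, src, dst, strip=True):
    """Headers to send on the next hop. strip=False reproduces the vulnerable behaviour."""
    if strip and crosses_trust_boundary(src, dst):
        return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return dict(headers)


# Constructed redirect chain: URL -> Location it answers with (None = final response).
# Hop 1 changes port, hop 2 downgrades to http, hop 3 changes host.
CHAIN = {
    "https://api.example.com/login": "https://api.example.com:8443/v2/login",
    "https://api.example.com:8443/v2/login": "http://api.example.com/v2/login",
    "http://api.example.com/v2/login": "https://cdn.example.net/asset",
    "https://cdn.example.net/asset": None,
}


def follow(start, headers, strip=True, max_hops=10):
    """Walk CHAIN from start; return [(url, headers sent to that url), ...]."""
    trace = []
    url, hdrs = start, dict(headers)
    for _ in range(max_hops):
        trace.append((url, dict(hdrs)))
        nxt = CHAIN[url]
        if nxt is None:
            return trace
        hdrs = headers_for_hop(hdrs, url, nxt, strip)
        url = nxt
    raise RuntimeError("too many redirects")


def leaked_hops(trace):
    """URLs after the first hop that still received a sensitive header."""
    return [u for u, h in trace[1:] if any(k.lower() in SENSITIVE for k in h)]


if __name__ == "__main__":
    creds = {"Authorization": "Bearer constructed-token", "Cookie": "sid=constructed", "Accept": "*/*"}
    for mode in (False, True):
        trace = follow("https://api.example.com/login", creds, strip=mode)
        print("strip=%s leaked to: %s" % (mode, leaked_hops(trace)))
```

Comparing origins rather than checking "host changed or scheme downgraded" is deliberately conservative: an http to https upgrade on the same host also strips, which costs nothing because a credential already sent over http is not worth protecting, and it removes the per-case logic that each of the three advisories shows was easy to get wrong.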
Advisories are also available from the GraphQL API.