Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,629 advisories

Loading
Apache Tomcat Default Installation Reveals Sensitive Information Low
CVE-2002-2006 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Keycloak is vulnerable to IDN homograph attack Low
GHSA-mwm4-5qwr-g9pf was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022
klausenbusk kurt-r2c
Credited to klausenbusk and kurt-r2c
OIDC Logout redirect in keycloak Low
CVE-2020-10734 was published for org.keycloak:keycloak-oidc-client-adapter-pom (Maven) Apr 28, 2022
sonOfRa
Credited to sonOfRa
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Openstack nova qcow format could expose host filesystem information Low
CVE-2011-3147 was published for nova (pip) Apr 22, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Low
CVE-2022-27814 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Shinyzenith
Credited to Shinyzenith
XSS Injection Vulnerability Low
GHSA-wf98-vxv9-jqfv was published for craftcms/cms (Composer) Apr 5, 2022
Cross-Site Request Forgery in YOURLS Low
CVE-2022-0088 was published for yourls/yourls (Composer) Apr 4, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
Discoverability of user password hash in Statamic CMS Low
CVE-2022-24784 was published for statamic/cms (Composer) Mar 29, 2022
Twig Sandbox Information Disclosure Low
CVE-2019-9942 was published for twig/twig (Composer) Mar 26, 2022
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
Credited to PalmerAL
node-ipc behavior change Low
GHSA-3mpp-xfvh-qh37 was published for node-ipc (npm) Mar 16, 2022
pallost
Credited to pallost
Hidden functionality in node-ipc Low
GHSA-8gr3-2gjw-jj7g was published for node-ipc (npm) Mar 16, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin Low
CVE-2022-27195 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) Mar 16, 2022
NotMyFault
Credited to NotMyFault
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
Credited to NotMyFault
Inconsistent storage layout for ERC2771ContextUpgradeable Low
GHSA-7j52-6fjp-58gr was published for @openzeppelin/contracts-upgradeable (npm) Mar 14, 2022
Infinite loop in Pillow Low
GHSA-4fx9-vc88-q2xc was published for Pillow (pip) Mar 11, 2022
Path traversal in org.postgresql:postgresql Low
CVE-2022-26520 was published for org.postgresql:postgresql (Maven) Mar 11, 2022
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607
Credited to tdunlap607
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Credited to znewman01, dlorenc, mattmoor, priyawadhwa, mtrmac, and nsmith5
Business Logic Errors in microweber Low
CVE-2022-0688 was published for microweber/microweber (Composer) Feb 21, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin Low
CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Credited to NotMyFault
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin Low
CVE-2022-25210 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Feb 16, 2022
NotMyFault
Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database