Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish
Credited to lavish
IPython vulnerable to command injection via set_term_title Low
CVE-2023-24816 was published for ipython (pip) Feb 10, 2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
Panic due to malformed WALs in go.etcd.io/etcd Low
CVE-2020-15106 was published for go.etcd.io/etcd (Go) Feb 7, 2023
is-http2 vulnerable to Improper Input Validation High
CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information Moderate
CVE-2022-44644 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability Moderate
CVE-2023-0229 was published for github.com/openshift/apiserver-library-go (Go) Jan 26, 2023
Improper Input Validation in pyload-ng Moderate
CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Credited to JoshuaBehrens and aragon999
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
Http4s improperly parses User-Agent and Server headers High
CVE-2023-22465 was published for org.http4s:http4s-core (Maven) Jan 6, 2023
go-ipld-prime/codec/json may panic if asked to encode bytes Moderate
CVE-2023-22460 was published for github.com/ipld/go-ipld-prime (Go) Jan 5, 2023
hacdias
Credited to hacdias
Apache DolphinScheduler vulnerable to Improper Input Validation Critical
CVE-2022-45875 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Jan 4, 2023
nosurf vulnerable to improper input validation High
CVE-2020-36564 was published for github.com/justinas/nosurf (Go) Dec 28, 2022
jsonwebtoken has insecure input validation in jwt.verify function High
CVE-2022-23529 was published for jsonwebtoken (npm) Dec 22, 2022 withdrawn
Apache Karaf vulnerable to potential code injection Critical
CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Credited to lirantal
Apache CXF vulnerable to Exposure of Sensitive Information High
CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
pavelarnost
Credited to pavelarnost
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Credited to justintaft, securisec, JLLeitschuh, DmitriyLewen, yairmzr, and pjfanning
GitPython vulnerable to Remote Code Execution due to improper user input validation Critical
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
Credited to ad-m-ss and tdunlap607
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation High
CVE-2022-43484 was published for org.terasoluna.gfw:terasoluna-gfw-common (Maven) Dec 5, 2022
kominen0214
Credited to kominen0214
Apache Commons Net vulnerable to information leakage via malicious server Moderate
CVE-2021-37533 was published for commons-net:commons-net (Maven) Dec 3, 2022
decode-uri-component vulnerable to Denial of Service (DoS) High
CVE-2022-38900 was published for decode-uri-component (npm) Nov 28, 2022
G-Rath
Credited to G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database