Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Credited to tdunlap607
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Credited to tdunlap607
Segfault in `CompositeTensorVariantToComponents` Moderate
CVE-2022-41909 was published for tensorflow (pip) Nov 21, 2022
`CHECK` fail via inputs in `PyFunc` Moderate
CVE-2022-41908 was published for tensorflow (pip) Nov 21, 2022
`CHECK_EQ` fail via input in `SparseMatrixNNZ` Moderate
CVE-2022-41901 was published for tensorflow (pip) Nov 21, 2022
`CHECK` fail via inputs in `SdcaOptimizer` Moderate
CVE-2022-41899 was published for tensorflow (pip) Nov 21, 2022
`CHECK` fail via inputs in `SparseFillEmptyRowsGrad` Moderate
CVE-2022-41898 was published for tensorflow (pip) Nov 21, 2022
`tf.raw_ops.Mfcc` crashes Moderate
CVE-2022-41896 was published for tensorflow (pip) Nov 21, 2022
Segfault in `tf.raw_ops.TensorListConcat` Moderate
CVE-2022-41891 was published for tensorflow (pip) Nov 21, 2022
FPE in `tf.image.generate_bounding_box_proposals` Moderate
CVE-2022-41888 was published for tensorflow (pip) Nov 21, 2022
Cross-site Scripting in Apache Hama High
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) Nov 21, 2022
Witness Block Parsing DoS Vulnerability High
CVE-2022-39389 was published for github.com/lightningnetwork/lnd (Go) Nov 18, 2022
xmldom allows multiple root nodes in a DOM Critical
CVE-2022-39353 was published for @xmldom/xmldom (npm) Nov 1, 2022
frumioj karfau
kurt-r2c
Credited to frumioj, karfau, and kurt-r2c
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Credited to westonsteimel
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne kurt-r2c
Credited to darrachequesne and kurt-r2c
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Improper use of metav1.Duration allows for Denial of Service Moderate
CVE-2022-39272 was published for github.com/fluxcd/flux2 (Go) Oct 19, 2022
codablock
Credited to codablock
MySQL JDBC deserialization vulnerability Critical
CVE-2022-39312 was published for io.dataease:dataease-plugin-common (Maven) Oct 18, 2022
aboutbo
Credited to aboutbo
parse-server crashes when receiving file download request with invalid byte range High
CVE-2022-39313 was published for parse-server (npm) Oct 18, 2022
hej2010 tdunlap607
Credited to hej2010 and tdunlap607
Remote denial of service in Hyperledger Fabric Gateway High
CVE-2022-36023 was published for github.com/hyperledger/fabric (Go) Oct 13, 2022
fatal0
Credited to fatal0
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL Moderate
CVE-2022-41606 was published for github.com/hashicorp/nomad (Go) Oct 12, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint Moderate
CVE-2022-39281 was published for fat_free_crm (RubyGems) Oct 7, 2022
p-
Credited to p-
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service High
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
anonymous-nlp-student
Credited to anonymous-nlp-student
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic Moderate
CVE-2020-15112 was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database