Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user Moderate
GHSA-j9xq-j329-2xvg was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022 withdrawn
Improper token validation leading to code execution in Teleport High
CVE-2022-36633 was published for github.com/gravitational/teleport (Go) Aug 25, 2022
ansible-runner vulnerable to shell command injection High
CVE-2021-4041 was published for ansible-runner (pip) Aug 25, 2022
Keycloak vulnerable to Improper Certificate Validation Moderate
CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven) Aug 24, 2022
Remote code execution in Apache Flume Critical
CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter Critical
CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022
mgabeler-lee-6rs
Credited to mgabeler-lee-6rs
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
Credited to moggers87 and sergei-maertens
Apache Avro Rust SDK corrupted data read can cause crash High
CVE-2022-36125 was published for apache-avro (Rust) Aug 10, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical
CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022
aried3r feross
Credited to aried3r and feross
Moodle Arbitrary file read when importing lesson questions High
CVE-2022-35650 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle PostScript Code Injection Critical
CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false High
CVE-2022-31170 was published for @openzeppelin/contracts (npm) Jul 21, 2022
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 High
CVE-2022-2385 was published for sigs.k8s.io/aws-iam-authenticator (Go) Jul 13, 2022
tdunlap607
Credited to tdunlap607
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request High
CVE-2022-31121 was published for github.com/hyperledger/fabric (Go) Jul 8, 2022
fatal0
Credited to fatal0
Jetty invalid URI parsing may produce invalid HttpURI.authority Low
CVE-2022-2047 was published for org.eclipse.jetty:jetty-http (Maven) Jul 7, 2022
rafax00
Credited to rafax00
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
Credited to AdamKorcz and DavidKorczynski
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
Credited to joshbressers
Incomplete validation in signal ops leads to crashes in TensorFlow Moderate
CVE-2022-29213 was published for tensorflow (pip) May 24, 2022
Core dump when loading TFLite models with quantization in TensorFlow Moderate
CVE-2022-29212 was published for tensorflow (pip) May 24, 2022
Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow Moderate
CVE-2022-29211 was published for tensorflow (pip) May 24, 2022
Undefined behavior when users supply invalid resource handles Moderate
CVE-2022-29207 was published for tensorflow (pip) May 24, 2022
Missing validation results in undefined behavior in `SparseTensorDenseAdd Moderate
CVE-2022-29206 was published for tensorflow (pip) May 24, 2022
Missing validation causes denial of service via `Conv3DBackpropFilterV2` Moderate
CVE-2022-29204 was published for tensorflow (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database