GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,337 advisories
When receiving an HTML email that contained an iframe element, which used a <code...
Moderate | Unreviewed | CVE-2022-3032 was published Dec 22, 2022

An attacker could have written a value to the first element in a zero-length JavaScript array....
Moderate | Unreviewed | CVE-2022-38475 was published Dec 22, 2022

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where...
Moderate | Unreviewed | CVE-2022-3188 was published Dec 22, 2022

AAD Pod Identity obtaining token with backslash
Moderate | CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go) | Dec 21, 2022

Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization...
Moderate | Unreviewed | CVE-2022-42351 was published Dec 21, 2022

In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to...
Moderate | Unreviewed | CVE-2022-20572 was published Dec 21, 2022

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP...
Moderate | Unreviewed | CVE-2022-43872 was published Dec 20, 2022

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2...
Moderate | Unreviewed | CVE-2022-46400 was published Dec 20, 2022

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension...
Moderate | Unreviewed | CVE-2022-4613 was published Dec 19, 2022

An access issue was addressed with additional sandbox restrictions on third-party apps. This...
Moderate | Unreviewed | CVE-2022-32945 was published Dec 15, 2022

Windows SmartScreen Security Feature Bypass Vulnerability.
Moderate | Unreviewed | CVE-2022-44698 was published Dec 13, 2022

Azure Network Watcher Agent Security Feature Bypass Vulnerability.
Moderate | Unreviewed | CVE-2022-44699 was published Dec 13, 2022

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain...
Moderate | Unreviewed | CVE-2022-41274 was published Dec 13, 2022

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress...
Moderate | Unreviewed | CVE-2022-3882 was published Dec 12, 2022

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does...
Moderate | Unreviewed | CVE-2022-3879 was published Dec 12, 2022

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint...
Moderate | Unreviewed | CVE-2022-45956 was published Dec 12, 2022

CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor,...
Moderate | Unreviewed | CVE-2022-44721 was published Dec 4, 2022

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up...
Moderate | Unreviewed | CVE-2022-4036 was published Nov 29, 2022

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not...
Moderate | Unreviewed | CVE-2022-24189 was published Nov 29, 2022

Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69...
Moderate | Unreviewed | CVE-2022-40216 was published Nov 19, 2022

Incorrect permission checks in Jenkins Support Core Plugin
Moderate | CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) | Nov 16, 2022

A vulnerability in the authentication and authorization flows for VPN connections in Cisco...
Moderate | Unreviewed | CVE-2022-20928 was published Nov 16, 2022

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization /...
Moderate | Unreviewed | CVE-2022-40843 was published Nov 15, 2022

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE...
Moderate | Unreviewed | CVE-2022-41091 was published Nov 10, 2022

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from...
Moderate | Unreviewed | CVE-2022-3413 was published Nov 10, 2022

ProTip! Advisories are also available from the GraphQL API