GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 39; GitHub Actions 38; Go 2,645; Maven 5,000+; npm 4,271; NuGet 760; pip 4,065; Pub 12; RubyGems 957; Rust 1,057; Swift 45
Unreviewed advisories: All unreviewed 5,000+
1,128 advisories
Apache Struts vulnerable to Improper Input Validation (High): CVE-2006-1546 was published for struts:struts (Maven) on May 1, 2022
Improper Input Validation in httpx (Critical): CVE-2021-41945 was published for httpx (pip) on Apr 29, 2022
ballcat-codegen template engine remote code execution injection (High): CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) on Apr 27, 2022
RubyGems passenger gem allows remote attackers to delete files (High): CVE-2012-6135 was published for passenger (RubyGems) on Apr 23, 2022
Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access (High): CVE-2012-4438 was published for org.jenkins-ci.main:jenkins-core (Maven) on Apr 23, 2022
Insufficient type validation in pocketmine/pocketmine-mp (High): GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) on Apr 22, 2022
Improper Input Validation in GeoServer (High): CVE-2022-24847 was published for org.geoserver:gs-main (Maven) on Apr 22, 2022
Missing input validation can lead to command execution in composer (High): CVE-2022-24828 was published for composer/composer (Composer) on Apr 22, 2022
Smarty3 Arbitrary PHP Code Execution (Critical): CVE-2011-1028 was published for smarty/smarty (Composer) on Apr 22, 2022
Typo3 Arbitrary File Delete (Moderate): CVE-2011-4902 was published for typo3/cms (Composer) on Apr 22, 2022
Typo3 Improper Access Control (Moderate): CVE-2011-4904 was published for typo3/cms (Composer) on Apr 22, 2022
TYPO3 is vulnerable to Spam Abuse in the native form content element (Moderate): CVE-2010-3667 was published for typo3/cms-frontend (Composer) on Apr 21, 2022
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL (High): CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) on Apr 13, 2022
Incorrect protocol extraction via \r, \n and \t characters (High): CVE-2022-1243 was published for urijs (npm) on Apr 6, 2022
Improper Input Validation in GoGo Protobuf (High): CVE-2021-3121 was published for github.com/gogo/protobuf (Go) on Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in Gogs (High): CVE-2022-0415 was published for gogs.io/gogs (Go) on Mar 28, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() (Critical): CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) on Mar 26, 2022
FormField with square brackets in field name skips validation (Moderate): CVE-2020-26138 was published for silverstripe/framework (Composer) on Mar 26, 2022
Improper Input Validation in guzzlehttp/psr7 (Moderate): CVE-2022-24775 was published for guzzlehttp/psr7 (Composer) on Mar 25, 2022
NaN/INF in serverbound movement packets can crash clients and servers (High): GHSA-fm35-jgg3-3grx was published for pocketmine/pocketmine-mp (Composer) on Mar 18, 2022
Spoofing attack in swagger-ui (Moderate): CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) on Mar 12, 2022
Improper Input Validation in url-js (Moderate): CVE-2022-25839 was published for url-js (npm) on Mar 12, 2022
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad (Moderate): CVE-2022-26336 was published for org.apache.poi:poi-scratchpad (Maven) on Mar 5, 2022
Leading white space bypasses protocol validation (Moderate): CVE-2022-24723 was published for urijs (npm) on Mar 3, 2022
Advisories are also available from the GraphQL API.