Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Credited to iRedds
Improper input validation in Drupal core High
CVE-2022-25271 was published for drupal/core (Composer) Feb 18, 2022
Crypt_GPG does not prevent additional options in GPG calls Moderate
CVE-2022-24953 was published for pear/crypt_gpg (Composer) Feb 18, 2022
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Improper Input Validation in Docker Engine Moderate
CVE-2020-13401 was published for github.com/docker/docker-ce (Go) Feb 15, 2022
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Improper Input Validation in vault-ssh-helper High
CVE-2020-24359 was published for github.com/hashicorp/vault-ssh-helper (Go) Feb 15, 2022
Gitea Improper Input Validation High
CVE-2019-11228 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
containernetworking/cni improper limitation of path name High
CVE-2021-20206 was published for github.com/containernetworking/cni (Go) Feb 15, 2022
Directory traversal in Kubernetes Secrets Store CSI Driver Moderate
CVE-2020-8568 was published for sigs.k8s.io/secrets-store-csi-driver (Go) Feb 15, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
Credited to oliverchang
Improper Input Validation in Xerces Moderate
CVE-2020-14338 was published for xerces:xercesImpl (Maven) Feb 15, 2022
mcr-paulanand
Credited to mcr-paulanand
Improper input validation in umoci Moderate
CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) Feb 15, 2022
Permissive parameters and privilege escalation Moderate
CVE-2018-20301 was published for coherence (Erlang) Feb 10, 2022
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty High
CVE-2020-5403 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
Prototype pollution in pathval High
CVE-2020-7751 was published for pathval (npm) Feb 10, 2022
Improper Input Validation in Apache Solr Moderate
CVE-2020-13941 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022
Injection and Improper Input Validation in Apache Unomi Critical
CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022
Improper Input Validation in Apache Unomi High
CVE-2020-11975 was published for org.apache.unomi:unomi (Maven) Feb 9, 2022
Data Amplification in Play Framework Low
CVE-2020-28923 was published for com.typesafe.play:play (Maven) Feb 9, 2022
Improper Input Validation in Keycloak High
CVE-2020-1714 was published for org.keycloak:keycloak-common (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache Batik High
CVE-2019-17566 was published for org.apache.xmlgraphics:batik (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache XmlGraphics Commons High
CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) Feb 9, 2022
Validation bypass in frourio-express High
CVE-2022-23624 was published for frourio-express (npm) Feb 7, 2022
SegaraRai LumaKernel
Credited to SegaraRai and LumaKernel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database