Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,056
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,963 advisories

Loading
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly... Moderate Unreviewed
CVE-2021-25009 was published Mar 8, 2022
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in... Moderate Unreviewed
CVE-2022-0384 was published Mar 8, 2022
Exposure of Sensitive Information to an Unauthorized Actor in httpie Moderate
CVE-2022-24737 was published for httpie (pip) Mar 7, 2022
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory... Moderate Unreviewed
CVE-2021-3677 was published Mar 4, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Exposure of home directory through shescape on Unix with Bash Moderate
CVE-2022-24725 was published for shescape (npm) Mar 3, 2022
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone.... Moderate Unreviewed
CVE-2022-23779 was published Mar 3, 2022
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE... Moderate Unreviewed
CVE-2022-22303 was published Mar 3, 2022
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by... Moderate Unreviewed
CVE-2022-24447 was published Mar 3, 2022
containerd CRI plugin: Insecure handling of image volumes High
CVE-2022-23648 was published for github.com/containerd/containerd (Go) Mar 2, 2022
felixwilhelm
Credited to felixwilhelm
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Credited to ranjit-git
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have... Moderate Unreviewed
CVE-2022-0345 was published Mar 1, 2022
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in... Moderate Unreviewed
CVE-2021-25118 was published Mar 1, 2022
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability... Moderate Unreviewed
CVE-2022-24633 was published Feb 25, 2022
Cookie exposure in requestretry High
CVE-2022-0654 was published for requestretry (npm) Feb 24, 2022
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink... Moderate Unreviewed
CVE-2021-44141 was published Feb 22, 2022
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). High Unreviewed
CVE-2022-23984 was published Feb 22, 2022
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one... Moderate Unreviewed
CVE-2022-0708 was published Feb 22, 2022
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux... Moderate Unreviewed
CVE-2021-20320 was published Feb 19, 2022
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX Moderate
CVE-2022-0672 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
tdunlap607
Credited to tdunlap607
The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0... High Unreviewed
CVE-2022-23982 was published Feb 19, 2022
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint... Critical Unreviewed
CVE-2021-3773 was published Feb 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms Moderate
CVE-2022-0588 was published for librenms/librenms (Composer) Feb 16, 2022
Gitea Exposes Private Email Addresses Moderate
CVE-2018-1000803 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database