Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,926
Erlang
39
GitHub Actions
38
Go
2,576
Maven
5,000+
npm
4,246
NuGet
754
pip
4,008
Pub
12
RubyGems
953
Rust
1,045
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,320 advisories

Loading
Widoco Path Traversal vulnerability High
CVE-2022-4772 was published for com.github.dgarijo:Widoco (Maven) Dec 28, 2022
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High
CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022
rdiffweb vulnerable to Open Redirect High
CVE-2022-4720 was published for rdiffweb (pip) Dec 27, 2022
rdiffweb has no rate limit on resend email feature High
CVE-2022-4723 was published for rdiffweb (pip) Dec 27, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
Graphite Web Cross-site Scripting vulnerability Moderate
CVE-2022-4729 was published for graphite-web (pip) Dec 27, 2022
Graphite Web Cross-site Scripting vulnerability Moderate
CVE-2022-4728 was published for graphite-web (pip) Dec 27, 2022
rdiffweb vulnerable to Business Logic Errors Moderate
CVE-2022-4719 was published for rdiffweb (pip) Dec 27, 2022
rdiffweb vulnerable to Special Element Injection Moderate
CVE-2022-4721 was published for rdiffweb (pip) Dec 27, 2022
rdiffweb Improper Access Control vulnerability Critical
CVE-2022-4724 was published for rdiffweb (pip) Dec 27, 2022
Microweber vulnerable to unrestricted malicious uploads High
CVE-2022-4732 was published for microweber/microweber (Composer) Dec 27, 2022
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2022-4695 was published for github.com/usememos/memos (Go) Dec 27, 2022
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2022-4691 was published for github.com/usememos/memos (Go) Dec 27, 2022
usememos/memos may leak user information to an authenticated user Moderate
CVE-2022-4734 was published for github.com/usememos/memos (Go) Dec 27, 2022
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2022-4694 was published for github.com/usememos/memos (Go) Dec 27, 2022
Graphite Web Cross-site Scripting vulnerability Moderate
CVE-2022-4730 was published for graphite-web (pip) Dec 27, 2022
AWS SDK is vulnerable to server-side request forgery (SSRF) Critical
CVE-2022-4725 was published for com.amazonaws:aws-android-sdk-mobile-client (Maven) Dec 27, 2022
usememos/memos Denial of Service vulnerability High
CVE-2022-4767 was published for github.com/usememos/memos (Go) Dec 27, 2022
SentinelOne impersonated via PyPI packages High
GHSA-g86j-hwg9-77q5 was published for SentinelOne (pip) Dec 27, 2022
Hazelcast connection caching Critical
CVE-2022-36437 was published for com.hazelcast.jet:hazelcast-jet (Maven) Dec 27, 2022
Oxidized Web vulnerable to Cross-site Scripting Moderate
CVE-2019-25088 was published for oxidized-web (RubyGems) Dec 27, 2022
cocagne pysrp vulnerable to side channel leaks High
CVE-2021-4286 was published for srp (pip) Dec 27, 2022
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
markdown-it vulnerable to Inefficient Regular Expression Complexity High
CVE-2015-10005 was published for markdown-it (npm) Dec 27, 2022
email-existence Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25049 was published for email-existence (npm) Dec 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database