GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
Privilege escalation in Strongbox
Moderate
GHSA-mhgm-52vg-pvvc
was published
for
com.schibsted.security:strongbox-sdk
(Maven)
Feb 16, 2023
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
Warp vulnerable to Path Traversal via Improper validation of Windows paths
High
GHSA-8v4j-7jgf-5rg9
was published
for
warp
(Rust)
Jan 31, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Velociraptor subject to Path Traversal
Moderate
CVE-2023-0290
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jan 19, 2023
ReDoS based DoS vulnerability in GlobalID
Low
CVE-2023-22799
was published
for
globalid
(RubyGems)
Jan 18, 2023
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Critical
CVE-2022-45299
was published
for
webbrowser
(Rust)
Jan 13, 2023
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
High
CVE-2023-22895
was published
for
bzip2
(Rust)
Jan 10, 2023
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
php-mod/curl allows Cross-site Scripting
Moderate
CVE-2021-30134
was published
for
php-mod/curl
(Composer)
Dec 26, 2022
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
.NET Remote Code Execution Vulnerability
High
CVE-2022-41089
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Dec 14, 2022
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Moderate
CVE-2022-43996
was published
for
github.com/csaf-poc/csaf_distribution
(Go)
Dec 14, 2022
Sentry vulnerable to invite code reuse via cookie manipulation
Moderate
CVE-2022-23485
was published
for
sentry
(pip)
Dec 12, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-7p7c-pvvx-2vx3
was published
for
hyper-staticfile
(Rust)
Dec 5, 2022
ff4j is vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-44262
was published
for
org.ff4j:ff4j-core
(Maven)
Dec 1, 2022
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
code injection in phpxmlrpc/phpxmlrpc
High
GHSA-3fgr-xjr6-xqm8
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Nov 28, 2022
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Concrete CMS vulnerable to Reflected Cross-site Scripting
Moderate
CVE-2022-43692
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Concrete CMS vulnerable to Cross-site Scripting
Moderate
CVE-2022-43688
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
ProTip!
Advisories are also available from the
GraphQL API