
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,099 advisories

Spring Boot Admins integrated notifier support allows arbitrary code execution High
CVE-2022-46166 was published for de.codecentric:spring-boot-admin (Maven) Dec 9, 2022
Tim-Conrad
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
Mingsoft MCMS vulnerable to SQL Injection Critical
CVE-2022-4375 was published for net.mingsoft:ms-mcms (Maven) Dec 9, 2022
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
golang.org/x/net/http2 vulnerable to possible excessive memory growth Moderate
CVE-2022-41717 was published for golang.org/x/net (Go) Dec 8, 2022
westonsteimel
Buildah (as part of Podman) vulnerable to Link Following Moderate
CVE-2022-4122 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
guidobonomi
Buildah (as part of Podman) vulnerable to Path Traversal Low
CVE-2022-4123 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
go-merkledag's ProtoNode may be modified such that common method calls may panic High
CVE-2022-23495 was published for github.com/ipfs/go-merkledag (Go) Dec 8, 2022
mrd0ll4r
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Traefik routes exposed with an empty TLSOption Moderate
CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code Moderate
GHSA-969w-q74q-9j8v was published for secp256k1 (Rust) Dec 8, 2022
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List High
CVE-2022-23496 was published for nl.basjes.parse.useragent:yauaa (Maven) Dec 8, 2022
binary-1024
Mingsoft MCMS vulnerable to Cross-site Scripting Moderate
CVE-2022-4350 was published for net.mingsoft:ms-mcms (Maven) Dec 8, 2022
RuoYi-Cloud Cross-site Scripting vulnerability Moderate
CVE-2022-4348 was published for com.ruoyi:ruoyi-common (Maven) Dec 8, 2022
Unchecked return value from xmlTextReaderExpand High
CVE-2022-23476 was published for nokogiri (RubyGems) Dec 8, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
containerd CRI stream server vulnerable to host memory exhaustion via terminal Moderate
CVE-2022-23471 was published for github.com/containerd/containerd (Go) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23492 was published for github.com/libp2p/go-libp2p (Go) Dec 7, 2022
Certifi removing TrustCor root certificate Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Echo vulnerable to directory traversal Moderate
CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) Dec 7, 2022
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for paddlepaddle (pip) Dec 7, 2022
mattberry3
PaddlePaddle Out-of-bounds Read vulnerability Critical
CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
baserCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2022-41994 was published for baserproject/basercms (Composer) Dec 7, 2022