The Wayback Machine - https://web.archive.org/web/20220111021030/https://github.com/advisories

GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

5,874 advisories

Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
Denial of Service in soketi High
CVE-2022-21667 was published for @soketi/soketi (npm) Jan 8, 2022
A potential Denial of Service issue in protobuf-java High
CVE-2021-22569 was published for com.google.protobuf:protobuf-java (Maven) Jan 7, 2022
Prototype Pollution in node-forge debug API. Low
GHSA-5rrq-pxf6-6jx5 was published for node-forge (npm) Jan 8, 2022
Prototype Pollution in node-forge util.setPath API Low
GHSA-wxgw-qj99-44c2 was published for node-forge (npm) Jan 8, 2022
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
Cross-site Scripting in Scratch-Svg-Renderer Moderate
CVE-2020-27428 was published for scratch-svg-renderer (npm) Jan 8, 2022
Cross-site Scripting in Apache Pluto Moderate
CVE-2021-36737 was published for org.apache.portals.pluto:pluto-portal (Maven) Jan 8, 2022
Cross-site Scripting in Apache Pluto Moderate
CVE-2021-36738 was published for org.apache.portals.pluto:pluto-portal (Maven) Jan 8, 2022
Cross-site Scripting in Apache Pluto Moderate
CVE-2021-36739 was published for org.apache.portals.pluto:pluto-portal (Maven) Jan 8, 2022
Command Injection in Apache Kylin Moderate
CVE-2021-45456 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Server-Side Request Forgery in Apache Kylin Moderate
CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Kylin can receive user input and load any class through Class.forName(...). Moderate
CVE-2021-31522 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Token validation bypass in Pac4j High
CVE-2021-44878 was published for org.pac4j:pac4j-core (Maven) Jan 8, 2022
Use of Hard-coded Credentials in Apache Kylin Moderate
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. Moderate
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Allocation of Resources Without Limits or Throttling in Apache Avro Moderate
CVE-2021-43045 was published for Apache.Avro (NuGet) Jan 8, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
Open redirect in shopware Moderate
CVE-2022-21651 was published for shopware/shopware (Composer) Jan 6, 2022
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
Uncapped length of skin data fields submitted by players High
GHSA-c6fg-99pr-25m9 was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
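The listing above follows a fixed two-line shape per advisory (title plus severity, then identifier, package, ecosystem and publication date). The parser below is an added example, not code from GitHub or the Advisory Database; it turns a scraped copy of this listing into structured records, tolerates page residue between entries (blank lines, stray usernames), and summarises the result by severity and ecosystem. The sample input is a constructed subset of the lines on this page; the regexes assume the exact wording "was published for" and the "Mon D, YYYY" date form seen here.

```python
"""Parse a scraped GitHub Advisory Database listing into structured records (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime

SEVERITIES = ("Critical", "High", "Moderate", "Low")

# First line of each entry: "<title> <Severity>"
TITLE_RE = re.compile(r"^(?P<title>.+?)\s+(?P<severity>%s)$" % "|".join(SEVERITIES))

# Second line: "<GHSA or CVE id> was published for <package> (<ecosystem>) <Mon D, YYYY>"
# Assumption: the listing uses exactly this wording and date format.
DETAIL_RE = re.compile(
    r"^(?P<id>GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}|CVE-\d{4}-\d{4,})"
    r" was published for (?P<package>.+?) \((?P<ecosystem>[^()]+)\)"
    r" (?P<published>[A-Z][a-z]{2} \d{1,2}, \d{4})$"
)


@dataclass(frozen=True)
class Advisory:
    title: str
    severity: str
    id: str
    package: str
    ecosystem: str
    published: date


def parse_listing(text: str) -> list[Advisory]:
    """Pair each title line with the detail line that follows it.

    Lines matching neither pattern (page chrome, stray usernames, blanks)
    are dropped rather than aborting the parse, so a noisy scrape still
    yields every complete entry.
    """
    advisories: list[Advisory] = []
    pending = None  # title match waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m_detail = DETAIL_RE.match(line)
        m_title = TITLE_RE.match(line)
        if m_detail and pending is not None:
            advisories.append(Advisory(
                title=pending["title"],
                severity=pending["severity"],
                id=m_detail["id"],
                package=m_detail["package"],
                ecosystem=m_detail["ecosystem"],
                published=datetime.strptime(m_detail["published"], "%b %d, %Y").date(),
            ))
            pending = None
        elif m_title:
            pending = m_title
        # anything else is residue from the scrape; ignore it
    return advisories


def summarize(advisories: list[Advisory]) -> dict:
    """Counts by severity and ecosystem, plus entries that carry only a GHSA id (no CVE yet)."""
    return {
        "by_severity": Counter(a.severity for a in advisories),
        "by_ecosystem": Counter(a.ecosystem for a in advisories),
        "ghsa_only": [a.id for a in advisories if a.id.startswith("GHSA-")],
    }


# Constructed sample: a subset of the lines on this page, including a stray
# username line of the kind that scraped listings tend to contain.
SAMPLE = """\
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
Prototype Pollution in node-forge util.setPath API Low
GHSA-wxgw-qj99-44c2 was published for node-forge (npm) Jan 8, 2022
Server-Side Request Forgery in Apache Kylin Moderate
CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
kag0
RCE in H2 Console Critical
CVE-2021-42392 was published for com.h2database:h2 (Maven) Jan 6, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
"""

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for a in parsed:
        print(f"{a.published} {a.severity:<8} {a.id:<22} {a.ecosystem:<6} {a.package}")
    print(summarize(parsed))
```

Entries that carry only a GHSA identifier are worth tracking separately: a CVE-keyed scanner will not match them, so a feed consumer that filters on CVE ids alone silently misses advisories such as the colors and node-forge ones above.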