GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
1,064
Erlang
18
GitHub Actions
3
Go
613
Maven
2,175
npm
2,687
NuGet
224
pip
1,367
RubyGems
515
Rust
527
Unreviewed advisories
All unreviewed
5,000+
9,141 advisories
Filter by severity
Weight not properly refunded after EVM execution
Moderate
CVE-2022-39242
was published
for
frontier
(Rust)
Sep 23, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
protobuf-cpp and protobuf-python have potential Denial of Service issue
Moderate
CVE-2022-1941
was published
for
protobuf
(pip)
Sep 23, 2022
Besu VM vulnerable to gas allocation error in CALL operations
Critical
CVE-2022-36025
was published
for
org.hyperledger.besu:evm
(Maven)
Sep 23, 2022
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
Critical
CVE-2021-36782
was published
for
github.com/rancher/rancher
(Go)
Sep 23, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
High
CVE-2022-2668
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
HashiCorp Vault vulnerable to incorrect metadata access
Moderate
CVE-2022-40186
was published
for
github.com/hashicorp/vault
(Go)
Sep 23, 2022
Liferay Portal Missing Authorization vulnerability
Moderate
CVE-2022-39975
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery
High
CVE-2022-40146
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery
Moderate
CVE-2022-38648
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
Apache Batik Server-Side Request Forgery
Moderate
CVE-2022-38398
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
High
CVE-2022-3274
was published
for
rdiffweb
(pip)
Sep 23, 2022
ICEcoder vulnerable to Path Traversal
Moderate
CVE-2022-34026
was published
for
icecoder/icecoder
(Composer)
Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability
Moderate
CVE-2022-3267
was published
for
rdiffweb
(pip)
Sep 23, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High
CVE-2022-40604
was published
for
apache-airflow
(pip)
Sep 22, 2022
Apache Airflow vulnerable to open redirect
Moderate
CVE-2022-40754
was published
for
apache-airflow
(pip)
Sep 22, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Low
CVE-2022-2872
was published
for
OctoPrint
(pip)
Sep 22, 2022
OctoPrint vulnerable to Insufficient Session Expiration.
Moderate
CVE-2022-2888
was published
for
OctoPrint
(pip)
Sep 22, 2022
OctoPrint Improper Privilege Management vulnerability
High
CVE-2022-3068
was published
for
OctoPrint
(pip)
Sep 22, 2022
Pimcore vulnerable to cross site scripting
Moderate
CVE-2022-3255
was published
for
pimcore/pimcore
(Composer)
Sep 22, 2022
Jenkins View26 Test-Reporting Plugin improperly validates hostname
High
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Moderate
CVE-2022-41247
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API

