The Wayback Machine - https://web.archive.org/web/20220924144211/https://github.com/advisories
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,141 advisories

Weight not properly refunded after EVM execution Moderate
CVE-2022-39242 was published for frontier (Rust) Sep 23, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library High
GHSA-gmhj-xjfh-cf6m was published for github.com/mohammed90/caddy-ssh (Go) Sep 23, 2022
porcupineyhairs
protobuf-cpp and protobuf-python have potential Denial of Service issue Moderate
CVE-2022-1941 was published for protobuf (pip) Sep 23, 2022
Besu VM vulnerable to gas allocation error in CALL operations Critical
CVE-2022-36025 was published for org.hyperledger.besu:evm (Maven) Sep 23, 2022
holiman
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials Critical
CVE-2021-36782 was published for github.com/rancher/rancher (Go) Sep 23, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles Moderate
CVE-2022-2256 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
HashiCorp Vault vulnerable to incorrect metadata access Moderate
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
ICEcoder vulnerable to Path Traversal Moderate
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability Moderate
CVE-2022-3267 was published for rdiffweb (pip) Sep 23, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
Apache Airflow vulnerable to open redirect Moderate
CVE-2022-40754 was published for apache-airflow (pip) Sep 22, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type Low
CVE-2022-2872 was published for OctoPrint (pip) Sep 22, 2022
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
OctoPrint Improper Privilege Management vulnerability High
CVE-2022-3068 was published for OctoPrint (pip) Sep 22, 2022
Pimcore vulnerable to cross site scripting Moderate
CVE-2022-3255 was published for pimcore/pimcore (Composer) Sep 22, 2022
Jenkins View26 Test-Reporting Plugin improperly validates hostname High
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted Moderate
CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2022-41241 was published for net.praqma:rqm-plugin (Maven) Sep 22, 2022
ProTip! Advisories are also available from the GraphQL API