GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,979 advisories

ansible-runner has default temporary files written to world R/W locations Moderate
CVE-2021-3701 was published for ansible-runner (pip) Aug 24, 2022
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Job Configuration History Plugin Moderate
CVE-2022-38664 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Aug 24, 2022
NotMyFault
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-1340 was published for yetiforce/yetiforce-crm (Composer) Aug 23, 2022
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
Unverified Password Change in OctoPrint Moderate
CVE-2022-2930 was published for OctoPrint (pip) Aug 23, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
Cross site scripting in mobiledoc-kit Moderate
CVE-2022-2932 was published for mobiledoc-kit (npm) Aug 23, 2022
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-2890 was published for yetiforce/yetiforce-crm (Composer) Aug 23, 2022
Regular expression denial of service in eth-account Moderate
CVE-2022-1930 was published for eth-account (pip) Aug 23, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-2885 was published for yetiforce/yetiforce-crm (Composer) Aug 22, 2022
Remote code execution in Apache Flume Critical
CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022
Incorrect Access Control and Cross Site Scripting in Jellyfin High
CVE-2022-35909 was published for Jellyfin.Common (NuGet) Aug 20, 2022
Magento Open Source has Improper Access Control vulnerability Moderate
CVE-2022-35692 was published for magento/community-edition (Composer) Aug 20, 2022
Improper Privilege Management in com.xuxueli:xxl-job High
CVE-2022-36157 was published for com.xuxueli:xxl-job (Maven) Aug 20, 2022
MarkLee131
Cross site scripting in getkirby/starterkit Moderate
CVE-2022-35174 was published for getkirby/starterkit (Composer) Aug 19, 2022
Path Traversal in Payara High
CVE-2022-37422 was published for fish.payara.api:payara-bom (Maven) Aug 19, 2022
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service High
CVE-2022-35204 was published for vite (npm) Aug 19, 2022
dloetzke stypr
Use of Hard-coded Credentials in AgileConfig.Client Critical
CVE-2022-35540 was published for AgileConfig.Client (NuGet) Aug 19, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value Critical
CVE-2020-36599 was published for omniauth (RubyGems) Aug 19, 2022
gsimoesr
PocketMine-MP invalid skin geometry JSON data leading to server crash High
GHSA-8cwq-4cmf-px73 was published for pocketmine/pocketmine-mp (Composer) Aug 18, 2022
Incorrect parsing of EVM reversion exit reason in RPC Moderate
CVE-2022-36008 was published for fc-rpc (Rust) Aug 18, 2022
React Editable Json Tree vulnerable to arbitrary code execution via function parsing Critical
CVE-2022-36010 was published for react-editable-json-tree (npm) Aug 18, 2022
Phanabani oxyno-zeta