GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,410 advisories

GeniXCMS XSS Vulnerability Moderate
CVE-2017-17431 was published for genix/cms (Composer) May 17, 2022
SQL injection in calibreweb Critical
CVE-2022-30765 was published for calibreweb (pip) May 17, 2022
Shell command injection in gitea High
CVE-2022-30781 was published for code.gitea.io/gitea (Go) May 17, 2022
Formidable arbitrary file upload Critical
CVE-2022-29622 was published for formidable (npm) May 17, 2022 withdrawn
Withdrawn: Code execution via SVG file upload in tiddlywiki Critical
CVE-2022-29351 was published for tiddlywiki (npm) May 17, 2022 withdrawn
Cross-site Scripting in bootstrap-table Moderate
CVE-2022-1726 was published for bootstrap-table (npm) May 17, 2022
Publify exposes article metadata Moderate
CVE-2022-1553 was published for publify_core (RubyGems) May 17, 2022
Publify Incorrect Authorization Moderate
CVE-2022-0574 was published for publify_core (RubyGems) May 17, 2022
Publify vulnerable to code injection Moderate
CVE-2022-0578 was published for publify_core (RubyGems) May 17, 2022
Regular expression denial of service in apache tika Moderate
CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022
Apache Tika vulnerable to uncontrolled memory consumption Moderate
CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022
Improper Input Validation in IpMatcher Critical
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources High
CVE-2021-23267 was published for org.craftercms:crafter-studio (Maven) May 17, 2022
Log value insertion in craftercms Moderate
CVE-2021-23266 was published for org.craftercms:craftercms (Maven) May 17, 2022
Improper Privilege Management in craftercms Moderate
CVE-2021-23265 was published for org.craftercms:craftercms (Maven) May 17, 2022
Improper kubeconfig validation allows arbitrary code execution Critical
CVE-2022-24817 was published for github.com/fluxcd/flux2 (Go) May 16, 2022
pjbgf
ChakraCore RCE Vulnerability High
CVE-2017-11905 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
Incorrect Privilege Assignment in Jinja2 Moderate
CVE-2014-1402 was published for Jinja2 (pip) May 14, 2022
Cross-site Scripting in Jenkins Core Moderate
CVE-2017-17383 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ChakraCore RCE Vulnerability High
CVE-2017-11889 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
lxml Cross-site Scripting Via Control Characters Moderate
CVE-2014-3146 was published for lxml (pip) May 14, 2022
joshbressers
OpenStack Heat template URL information leakage Low
CVE-2014-3801 was published for openstack-heat (pip) May 14, 2022
Typo3 Host Header Spoofing Vulnerability Moderate
CVE-2014-3941 was published for typo3/cms (Composer) May 14, 2022
Typo3 XSS Vulnerabilities Low
CVE-2014-3943 was published for typo3/cms (Composer) May 14, 2022
Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks High
CVE-2017-17516 was published for rtv (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API