GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,410 advisories
Filter by severity
GeniXCMS XSS Vulnerability
Moderate
CVE-2017-17431
was published
for
genix/cms
(Composer)
May 17, 2022
Shell command injection in gitea
High
CVE-2022-30781
was published
for
code.gitea.io/gitea
(Go)
May 17, 2022
Formidable arbitrary file upload
Critical
CVE-2022-29622
was published
for
formidable
(npm)
May 17, 2022
•
withdrawn
Withdrawn: Code execution via SVG file upload in tiddlywiki
Critical
CVE-2022-29351
was published
for
tiddlywiki
(npm)
May 17, 2022
•
withdrawn
Cross-site Scripting in bootstrap-table
Moderate
CVE-2022-1726
was published
for
bootstrap-table
(npm)
May 17, 2022
Publify exposes article metadata
Moderate
CVE-2022-1553
was published
for
publify_core
(RubyGems)
May 17, 2022
Publify Incorrect Authorization
Moderate
CVE-2022-0574
was published
for
publify_core
(RubyGems)
May 17, 2022
Publify vulnerable to code injection
Moderate
CVE-2022-0578
was published
for
publify_core
(RubyGems)
May 17, 2022
Regular expression denial of service in apache tika
Moderate
CVE-2022-30126
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
Apache Tika vulnerable to uncontrolled memory consumption
Moderate
CVE-2022-25169
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
Improper Input Validation in IpMatcher
Critical
CVE-2021-33318
was published
for
IpMatcher
(NuGet)
May 17, 2022
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources
High
CVE-2021-23267
was published
for
org.craftercms:crafter-studio
(Maven)
May 17, 2022
Log value insertion in craftercms
Moderate
CVE-2021-23266
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Improper Privilege Management in craftercms
Moderate
CVE-2021-23265
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Improper kubeconfig validation allows arbitrary code execution
Critical
CVE-2022-24817
was published
for
github.com/fluxcd/flux2
(Go)
May 16, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-11905
was published
for
Microsoft.ChakraCore
(NuGet)
May 14, 2022
Incorrect Privilege Assignment in Jinja2
Moderate
CVE-2014-1402
was published
for
Jinja2
(pip)
May 14, 2022
Cross-site Scripting in Jenkins Core
Moderate
CVE-2017-17383
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-11889
was published
for
Microsoft.ChakraCore
(NuGet)
May 14, 2022
lxml Cross-site Scripting Via Control Characters
Moderate
CVE-2014-3146
was published
for
lxml
(pip)
May 14, 2022
OpenStack Heat template URL information leakage
Low
CVE-2014-3801
was published
for
openstack-heat
(pip)
May 14, 2022
Typo3 Host Header Spoofing Vulnerability
Moderate
CVE-2014-3941
was published
for
typo3/cms
(Composer)
May 14, 2022
Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
High
CVE-2017-17516
was published
for
rtv
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API