GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,339 advisories

Log Injection in Apache Sling Commons Log and Apache Sling API Moderate
CVE-2022-32549 was published for org.apache.sling:org.apache.sling.api (Maven) Jun 23, 2022
Server-Side Request Forgery in Directus Moderate
CVE-2022-23080 was published for directus (npm) Jun 23, 2022
Unsafe yaml deserialization in NVFlare Critical
CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022
Unsafe deserialisation in the PKI implementation scheme of NVFlare Critical
CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore High
CVE-2022-31092 was published for pimcore/pimcore (Composer) Jun 22, 2022
Authenticated Stored Cross-site Scripting in Shopware Moderate
CVE-2022-31057 was published for shopware/shopware (Composer) Jun 22, 2022
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
Improper Handling of Exceptional Conditions in Newtonsoft.Json High
CVE-2024-21907 was published for Newtonsoft.Json (NuGet) Jun 22, 2022
ezsilmar JamesNK
Cross-site Scripting in NukeViet CMS Moderate
CVE-2022-30874 was published for nukeviet/nukeviet (Composer) Jun 22, 2022
Denial of Service in Spring Cloud Function High
CVE-2022-22979 was published for org.springframework.cloud:spring-cloud-function-parent (Maven) Jun 22, 2022
Cross-site Scripting in krayin/laravel-crm Moderate
CVE-2021-41924 was published for krayin/laravel-crm (Composer) Jun 22, 2022
DoS through large manifest files in Argo CD Moderate
CVE-2022-31016 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz
Reachable Assertion in rulex Moderate
CVE-2022-31100 was published for rulex (Rust) Jun 21, 2022
evanrichter
Change in port should be considered a change in origin High
CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Improper Handling of `callbackUrl` parameter in next-auth High
CVE-2022-31093 was published for next-auth (npm) Jun 21, 2022
stensrud
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski AdamKorcz
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
CURLOPT_HTTPAUTH option not cleared on change of origin High
CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20060 was published for elefant/cms (Composer) Jun 21, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20058 was published for elefant/cms (Composer) Jun 21, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20059 was published for elefant/cms (Composer) Jun 21, 2022
Cross-Site Request Forgery in Elefant CMS High
CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20061 was published for elefant/cms (Composer) Jun 21, 2022