GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,259 advisories

AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Jupyter server Token bruteforcing High
CVE-2022-29241 was published for jupyter-server (pip) Jun 16, 2022
rashley-iqt
Token bruteforcing. Moderate
CVE-2022-29238 was published for notebook (pip) Jun 16, 2022
rashley-iqt
Library exclusively intended to obfuscate code. Moderate
GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) Jun 16, 2022
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service High
CVE-2019-25008 was published for http (Rust) Jun 16, 2022 withdrawn
matveybaykalov
Type confusion if __private_get_type_id__ is overridden Critical
CVE-2020-25575 was published for failure (Rust) Jun 16, 2022
michaelkedar
Code injection in Apache NiFi and NiFi Registry High
CVE-2022-33140 was published for org.apache.nifi.registry:nifi-registry-core (Maven) Jun 16, 2022
kurt-r2c
User account escalation in Apache Hadoop High
CVE-2021-33036 was published for org.apache.hadoop:hadoop-yarn-server-common (Maven) Jun 16, 2022
Octokit gem published with world-writable files Low
CVE-2022-31072 was published for octokit (RubyGems) Jun 15, 2022
Octopoller gem published with world-writable files Low
CVE-2022-31071 was published for octopoller (RubyGems) Jun 15, 2022
Incorrect Authorization in thinkcmf Moderate
CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer) Jun 15, 2022
Remote Code Execution in Apache Flume High
CVE-2022-25167 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Jun 15, 2022
westonsteimel
Regular expression denial of service in Delight Nashorn Sandbox High
CVE-2021-40660 was published for org.javadelight:delight-nashorn-sandbox (Maven) Jun 15, 2022
mxro
Cross-site Scripting in NocoDB Moderate
CVE-2022-2079 was published for nocodb (npm) Jun 15, 2022
Potential leak of NuGet.org API key Moderate
CVE-2022-30184 was published for NuGet.CommandLine (NuGet) Jun 14, 2022
JarLob
Cross-site Scripting in Strapi Moderate
CVE-2022-29894 was published for strapi (npm) Jun 14, 2022
Insufficient Session Expiration in NocoDB High
CVE-2022-2064 was published for nocodb (npm) Jun 14, 2022
Cross site scripting in facturascripts Moderate
CVE-2022-2066 was published for facturascripts/facturascripts (Composer) Jun 14, 2022
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Cross site scripting in dolibarr Moderate
CVE-2022-2060 was published for dolibarr/dolibarr (Composer) Jun 14, 2022
Improper Privilege Management in NocoDB High
CVE-2022-2063 was published for nocodb (npm) Jun 14, 2022
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2 Critical
CVE-2021-37404 was published for org.apache.hadoop:hadoop-common (Maven) Jun 14, 2022
Cross-site Scripting in FacturaScripts Moderate
CVE-2022-2065 was published for facturascripts/facturascripts (Composer) Jun 14, 2022
ProTip! Advisories are also available from the GraphQL API