GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

113 advisories

parse-server crashes when receiving file download request with invalid byte range High
CVE-2022-39313 was published for parse-server (npm) Oct 18, 2022
Credited to hej2010 and tdunlap607
fastify/websocket vulnerable to uncaught exception via crash on malformed packet High
CVE-2022-39386 was published for @fastify/websocket (npm) Nov 7, 2022
Credited to marcolanaro, ramonsnir, and tdunlap607
Arches vulnerable to execution of arbitrary SQL High
CVE-2022-41892 was published for arches (pip) Nov 11, 2022
Credited to sylwia-budzynska and tdunlap607
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
Credited to tdunlap607
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
Credited to tdunlap607
.NET Remote Code Execution Vulnerability High
CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Dec 14, 2022
Credited to tdunlap607
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
Credited to alokmenghrajani, pmartinat, and tdunlap607
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
Credited to tdunlap607
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Credited to cokeBeer, aruneko, and tdunlap607
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
Credited to tdunlap607
Warp vulnerable to Path Traversal via Improper validation of Windows paths High
GHSA-8v4j-7jgf-5rg9 was published for warp (Rust) Jan 31, 2023
Credited to tdunlap607
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
Credited to petruki and tdunlap607