
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,030 advisories

wger vulnerable to brute force attempts Critical
CVE-2022-2650 was published for wger (pip) Nov 24, 2022
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh vlsi
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
amita-seal
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
cranberry3148
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
cranberry3148
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
Humni
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
Moodle stored-XSS vulnerability in some "social" user profile fields Moderate
CVE-2022-45151 was published for moodle/moodle (Composer) Nov 23, 2022
Moodle reflected cross-site scripting vulnerability in policy tool Moderate
CVE-2022-45150 was published for moodle/moodle (Composer) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
limonte Humni
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Command injection in Apache DolphinScheduler Alert Plugins Critical
CVE-2022-45462 was published for org.apache.dolphinscheduler:dolphinscheduler-alert-plugins (Maven) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42095 was published for backdrop/backdrop (Composer) Nov 23, 2022
Code injection in quarkus dev ui config editor Critical
CVE-2022-4116 was published for io.quarkus:quarkus-vertx-http-deployment (Maven) Nov 22, 2022
jmini
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42094 was published for backdrop/backdrop (Composer) Nov 22, 2022
Cross-site Scripting in Backdrop CMS Moderate
CVE-2022-42097 was published for backdrop/backdrop (Composer) Nov 22, 2022
OS Command Injection in Apache Airflow High
CVE-2022-41131 was published for apache-airflow-providers-apache-hive (pip) Nov 22, 2022
raboof
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
OS Command Injection in Apache Airflow Moderate
CVE-2022-40954 was published for apache-airflow (pip) Nov 22, 2022
OS Command Injection in Apache Airflow Critical
CVE-2022-40189 was published for apache-airflow (pip) Nov 22, 2022
ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Remote code execution vulnerability in dependency System.Drawing.Common Moderate
GHSA-gpv5-rp6w-58r8 was published for Akka (NuGet) Nov 22, 2022
petrikero
ProTip! Advisories are also available from the GraphQL API