GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
635 advisories
Filter by severity
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Vela Insecure Defaults
Critical
CVE-2022-39395
was published
for
github.com/go-vela/server
(Go)
Nov 9, 2022
X.509 Email Address 4-byte Buffer Overflow
Critical
CVE-2022-3602
was published
for
openssl-src
(Rust)
Nov 1, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload
Critical
CVE-2022-41711
was published
for
badaso/core
(Composer)
Oct 26, 2022
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
Critical
CVE-2022-39345
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Oct 25, 2022
Hessian Lite for Apache Dubbo deserialization vulnerability
Critical
CVE-2022-39198
was published
for
com.alibaba:hessian-lite
(Maven)
Oct 19, 2022
Dolibarr vulnerable to Eval Injection
Critical
CVE-2022-40871
was published
for
dolibarr/dolibarr
(Composer)
Oct 12, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2022-38916
was published
for
pagekit/pagekit
(Composer)
Sep 21, 2022
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object
Critical
CVE-2022-24304
was published
for
mongoose
(npm)
Aug 27, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
convert-svg-core vulnerable to remote code injection
Critical
CVE-2022-25759
was published
for
convert-svg-core
(npm)
Jul 23, 2022
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
OS Command Injection in file editor in Gogs
Critical
CVE-2022-1986
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Path Traversal in file editor on Windows in Gogs
Critical
CVE-2022-1992
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
OS Command Injection in gogs
Critical
CVE-2021-32546
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
ProTip!
Advisories are also available from the
GraphQL API