GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
110 advisories
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
High
CVE-2022-39386
was published
for
@fastify/websocket
(npm)
Nov 7, 2022
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Warp vulnerable to Path Traversal via Improper validation of Windows paths
High
GHSA-8v4j-7jgf-5rg9
was published
for
warp
(Rust)
Jan 31, 2023
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
High
CVE-2023-22895
was published
for
bzip2
(Rust)
Jan 10, 2023
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Regular Expression Denial of Service in charset
High
CVE-2017-16098
was published
for
charset
(npm)
Aug 9, 2018
XSS in Image Optimization API for Next.js
High
CVE-2021-39178
was published
for
next
(npm)
Sep 1, 2021
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
High
CVE-2017-14949
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Cross-Site Scripting in @toast-ui/editor
High
GHSA-cr56-66mx-293v
was published
for
@toast-ui/editor
(npm)
Sep 3, 2020
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Cross-Site Scripting in bootstrap-vue
High
GHSA-c7pp-x73h-4m2v
was published
for
bootstrap-vue
(npm)
Sep 2, 2020
HashiCorp Consul Privilege Escalation Vulnerability
High
CVE-2021-37219
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Cronos vulnerable to DoS through unintended Contract Selfdestruct
High
GHSA-gwj5-wp6r-5q9f
was published
for
github.com/crypto-org-chain/cronos
(Go)
Aug 11, 2022
Insecure Comparison in secure-compare
High
CVE-2015-9238
was published
for
secure-compare
(npm)
Jun 3, 2019
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
Off-by-one error in simple-slab
High
CVE-2020-35893
was published
for
simple-slab
(Rust)
Aug 25, 2021
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High
CVE-2022-31179
was published
for
shescape
(npm)
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API