Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Velociraptor subject to Path Traversal Moderate
CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) Jan 19, 2023
tdunlap607
php-mod/curl allows Cross-site Scripting Moderate
CVE-2021-30134 was published for php-mod/curl (Composer) Dec 26, 2022
tdunlap607
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
tdunlap607
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust) Dec 5, 2022
tdunlap607
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Concrete CMS vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-43692 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Concrete CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-43688 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted tdunlap607
HashiCorp Nomad vulnerable to non-sensitive metadata exposure Moderate
CVE-2022-3866 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
OpenFGA Authorization Bypass Moderate
CVE-2022-39352 was published for github.com/openfga/openfga (Go) Nov 8, 2022
tdunlap607
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution Moderate
CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022
rickramgattie tdunlap607
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
AdGuardHome vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-32175 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 11, 2022
tdunlap607
HashiCorp Consul vulnerable to authorization bypass Moderate
CVE-2022-40716 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
tdunlap607
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
tdunlap607
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
sbenhai tdunlap607
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
tdunlap607
Space bug in `clean_text` Moderate
GHSA-p2g9-94wh-65c2 was published for ammonia (Rust) Jun 16, 2022
tdunlap607
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
Password stored in plain text by Jenkins Nomad Plugin Moderate
CVE-2021-21681 was published for org.jenkins-ci.plugins:nomad (Maven) May 24, 2022
NotMyFault tdunlap607
XSS vulnerability in Jenkins Gatling Plugin Moderate
CVE-2020-2173 was published for org.jenkins-ci.plugins:gatling (Maven) May 24, 2022
NotMyFault tdunlap607
Podman has Files or Directories Accessible to External Parties Moderate
CVE-2020-1726 was published for github.com/containers/podman (Go) May 24, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database