GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6,766 advisories

Command Injection vulnerability in asciidoctor-include-ext Critical
CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems) Mar 31, 2022
joernchen
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect High
CVE-2022-24794 was published for express-openid-connect (npm) Mar 31, 2022
kurt-r2c
Remote Code Execution in Spring Framework Critical
CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
rotilho cdupuis
HTTP Request Smuggling in puma Critical
CVE-2022-24790 was published for puma (RubyGems) Mar 30, 2022
zeyu2001
Cross-site Scripting in Parsedown Moderate
CVE-2018-1000162 was published for erusev/parsedown (Composer) Mar 30, 2022
Sandbox bypass leading to arbitrary code execution in Deno Critical
CVE-2022-24783 was published for deno (Rust) Mar 29, 2022
DjDeveloperr andreubotella aapoalas
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
Improper Input Validation in GoGo Protobuf High
CVE-2021-3121 was published for github.com/gogo/protobuf (Go) Mar 28, 2022
Incorrect Authorization in imgcrypt High
CVE-2022-24778 was published for github.com/containerd/imgcrypt (Go) Mar 28, 2022
dimitar-dimitrow
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Sandbox Information Disclosure Low
CVE-2019-9942 was published for twig/twig (Composer) Mar 26, 2022
Non-constant time comparison in UriSigner High
CVE-2019-18887 was published for symfony/http-kernel (Composer) Mar 26, 2022
Code injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
FormField with square brackets in field name skips validation Moderate
CVE-2020-26138 was published for silverstripe/framework (Composer) Mar 26, 2022
Class-Name Injection High
CVE-2019-10905 was published for erusev/parsedown (Composer) Mar 26, 2022
Arbitrary shell execution High
GHSA-3988-h75v-hwf6 was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Arbitrary shell execution High
GHSA-mhfv-8rc9-w38c was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Cross-site Scripting in Keycloak Moderate
CVE-2021-20323 was published for org.keycloak:keycloak-core (Maven) Mar 26, 2022
Possible URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder Moderate
CVE-2022-24776 was published for Flask-AppBuilder (pip) Mar 25, 2022
Improper Input Validation in guzzlehttp/psr7 High
CVE-2022-24775 was published for guzzlehttp/psr7 (Composer) Mar 25, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Cross-site Scripting in Fork CMS Moderate
CVE-2022-0145 was published for forkcms/forkcms (Composer) Mar 25, 2022
SQL Injection in Fork CMS High
CVE-2022-0153 was published for forkcms/forkcms (Composer) Mar 25, 2022
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API