GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 823
Go: 373
Maven: 1,188
npm: 2,397
NuGet: 174
pip: 1,054
RubyGems: 461
Rust: 395
Unreviewed advisories
All unreviewed: 5,000+
6,830 advisories
Improper Certificate Validation (High): CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) on Apr 12, 2022
Denial of Service (DoS) in Nokogiri on JRuby (High): GHSA-gx8x-g87m-h5q6 was published for nokogiri (RubyGems) on Apr 11, 2022
XML Injection in Xerces Java affects Nokogiri (Moderate): GHSA-xxx9-3xcr-gjj3 was published for nokogiri (RubyGems) on Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri (High): GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) on Apr 11, 2022
Inefficient Regular Expression Complexity in Nokogiri (High): CVE-2022-24836 was published for nokogiri (RubyGems) on Apr 11, 2022
Infinite loop in .Net Bond (High): CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) on Apr 8, 2022
HTTP Proxy header vulnerability (High): CVE-2016-5385 was published for guzzlehttp/guzzle (Composer) on Apr 7, 2022
Insecure default value for CORS configuration (High): CVE-2022-26969 was published for directus (npm) on Apr 5, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus (High): CVE-2022-24814 was published for directus (npm) on Apr 5, 2022
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown (High): GHSA-5jfw-35xp-5m42 was published for pocketmine/bedrock-protocol (Composer) on Apr 5, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs (High): CVE-2022-24758 was published for notebook (pip) on Apr 5, 2022
Buffer Overflow in yajl-ruby (Moderate): CVE-2022-24795 was published for yajl-ruby (RubyGems) on Apr 5, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web (High): CVE-2022-24801 was published for twisted (pip) on Apr 4, 2022
Path Traversal: 'dir/../../filename' in moment.locale (High): CVE-2022-24785 was published for Moment.js (npm) on Apr 4, 2022
Opened exploitable ports in default docker-compose.yaml in go-ipfs (Moderate): GHSA-fx5p-f64h-93xc was published for github.com/ipfs/go-ipfs (Go) on Apr 4, 2022
Remote code injection in dompdf/dompdf (High): CVE-2022-28368 was published for dompdf/dompdf (Composer) on Apr 4, 2022
Cross-Site Request Forgery in yourls/yourls (Low): CVE-2022-0088 was published for yourls/yourls (Composer) on Apr 4, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework (Moderate): CVE-2022-22950 was published for org.springframework:spring-core (Maven) on Apr 3, 2022
Cross-site Scripting in @rocket.chat/livechat (Low): CVE-2022-21830 was published for @rocket.chat/livechat (npm) on Apr 3, 2022
Code Injection in Spring Cloud Function (Critical): CVE-2022-22963 was published for org.springframework.cloud:spring-cloud-function-core (Maven) on Apr 3, 2022
Remote code injection in consoleme (High): CVE-2022-27177 was published for consoleme (pip) on Apr 3, 2022
SQL injection in pagekit/pagekit (High): CVE-2021-44135 was published for pagekit/pagekit (Composer) on Apr 2, 2022
Command injection in cocoapods-downloader (High): CVE-2022-24440 was published for cocoapods-downloader (RubyGems) on Apr 2, 2022
Command injection in cocoapods-downloader (High): CVE-2022-21223 was published for cocoapods-downloader (RubyGems) on Apr 2, 2022
ProTip! Advisories are also available from the GraphQL API.

