Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,429 advisories

Loading
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets... Low Unreviewed
CVE-2022-24448 was published Feb 10, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ... Low Unreviewed
CVE-2022-21248 was published Feb 11, 2022
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. Low Unreviewed
CVE-2021-42320 was published Feb 11, 2022
Chrono has potential segfault issue in SPIFFE authenticator Low
GHSA-45w3-v3g4-54pm was published for parsec-service (Rust) Feb 11, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition Low
GHSA-h2x7-2ff6-v32p was published for github.com/ntbosscher/gobase (Go) Feb 11, 2022
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local... Low Unreviewed
CVE-2022-23999 was published Feb 12, 2022
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release... Low Unreviewed
CVE-2022-24000 was published Feb 12, 2022
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China... Low Unreviewed
CVE-2022-24923 was published Feb 12, 2022
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12),... Low Unreviewed
CVE-2022-23434 was published Feb 12, 2022
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki Low
GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) Feb 14, 2022
The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the... Low Unreviewed
CVE-2021-25014 was published Feb 15, 2022
Arbitrary file deletion in NeMo ASR webapp Low
GHSA-rpx7-33j2-xx9x was published for nemo_toolkit (pip) Feb 15, 2022
haby0
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin Low
CVE-2022-25210 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Feb 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin Low
CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code.... Low Unreviewed
CVE-2019-4352 was published Feb 17, 2022
Business Logic Errors in microweber Low
CVE-2022-0688 was published for microweber/microweber (Composer) Feb 21, 2022
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking... Low Unreviewed
CVE-2022-0279 was published Feb 22, 2022
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has... Low Unreviewed
CVE-2021-25075 was published Feb 22, 2022
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS... Low Unreviewed
CVE-2021-3716 was published Mar 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database