GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,871; Erlang 37; GitHub Actions 36; Go 2,517; Maven 5,000+; npm 4,150; NuGet 736; pip 3,952; Pub 12; RubyGems 946; Rust 1,026; Swift 39.
Unreviewed advisories: All unreviewed 5,000+.
1,511 advisories
Incorrect header handling in mod-wsgi (High): CVE-2022-2255 was published for mod-wsgi (pip), Aug 26, 2022
ansible-runner vulnerable to shell command injection (High): CVE-2021-4041 was published for ansible-runner (pip), Aug 25, 2022
Uncontrolled Resource Consumption in asyncua and opcua (High): CVE-2022-25304 was published for asyncua (pip), Aug 24, 2022
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution (High): CVE-2022-36024 was published for py-cord (pip), Aug 18, 2022
Remote code execution in Apache Airflow Docker's Provider (High): CVE-2022-38362 was published for apache-airflow-providers-docker (pip), Aug 17, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability (High): GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip), Aug 11, 2022
Django vulnerable to Reflected File Download attack (High): CVE-2022-36359 was published for Django (pip), Aug 11, 2022
untangle vulnerable to XML Entity Expansion (High): CVE-2022-33977 was published for untangle (pip), Aug 6, 2022
untangle vulnerable to Improper Restriction of XML External Entity Reference (High): CVE-2022-31471 was published for untangle (pip), Aug 6, 2022
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs (High): CVE-2022-35920 was published for sanic (pip), Aug 6, 2022
chia-blockchain tokens can be inflated to an arbitrary extent (High): CVE-2022-36447 was published for chia-blockchain (pip), Jul 30, 2022
Mistune vulnerable to catastrophic backtracking (High): CVE-2022-34749 was published for mistune (pip), Jul 26, 2022
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption (High): CVE-2022-24294 was published for mxnet (pip), Jul 25, 2022
Apache Spark UI can allow impersonation if ACLs enabled (High): CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven), Jul 19, 2022
Codecov does not sanitize gcov arguments (High): CVE-2019-10800 was published for codecov (pip), Jul 14, 2022
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process (High): CVE-2022-35410 was published for mat2 (pip), Jul 12, 2022
Incorrect handling of invalid surrogate pair characters (High): CVE-2022-31116 was published for ujson (pip), Jul 5, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths (High): CVE-2022-31052 was published for matrix-synapse (pip), Jun 29, 2022
SystemDS CPU exhaustion vulnerability (High): CVE-2022-26477 was published for org.apache.systemds:systemds (Maven), Jun 28, 2022
Salt's PAM auth fails to reject locked accounts (High): CVE-2022-22967 was published for salt (pip), Jun 25, 2022
XSS Vulnerability in Markdown Editor (High): GHSA-85q9-7467-r53q was published for inventree (pip), Jun 17, 2022
Insufficient HTML Sanitization (High): GHSA-rm89-9g65-4ffr was published for inventree (pip), Jun 17, 2022
Jupyter server Token bruteforcing (High): CVE-2022-29241 was published for jupyter-server (pip), Jun 16, 2022