GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 37
GitHub Actions: 36
Go: 2,500
Maven: 5,000+
npm: 4,147
NuGet: 735
pip: 3,948
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,474 advisories

The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap...
Critical | Unreviewed | CVE-2022-4291 was published Dec 8, 2022

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin...
Critical | Unreviewed | CVE-2022-44351 was published Dec 7, 2022

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
Critical | Unreviewed | CVE-2022-45550 was published Dec 7, 2022

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
Critical | Unreviewed | CVE-2022-44371 was published Dec 7, 2022

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4...
Critical | Unreviewed | CVE-2022-42458 was published Dec 7, 2022

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to...
Critical | Unreviewed | CVE-2022-3643 was published Dec 7, 2022

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability...
Critical | Unreviewed | CVE-2022-45010 was published Dec 7, 2022

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a...
Critical | Unreviewed | CVE-2022-45025 was published Dec 7, 2022

An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to...
Critical | Unreviewed | CVE-2022-45026 was published Dec 7, 2022

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable...
Critical | Unreviewed | CVE-2022-41559 was published Dec 6, 2022

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored...
Critical | Unreviewed | CVE-2022-46332 was published Dec 6, 2022

Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19...
Critical | Unreviewed | CVE-2022-45359 was published Dec 6, 2022

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH...
Critical | Unreviewed | CVE-2022-35843 was published Dec 6, 2022

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300...
Critical | Unreviewed | CVE-2020-6627 was published Dec 6, 2022

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12,...
Critical | Unreviewed | CVE-2022-46383 was published Dec 6, 2022

MegaRAC Default Credentials Vulnerability
Critical | Unreviewed | CVE-2022-40242 was published Dec 6, 2022

AMI MegaRAC Redfish Arbitrary Code Execution
Critical | Unreviewed | CVE-2022-40259 was published Dec 6, 2022

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (...
Critical | Unreviewed | CVE-2022-32221 was published Dec 6, 2022

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that...
Critical | Unreviewed | CVE-2022-35256 was published Dec 6, 2022

Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass...
Critical | Unreviewed | CVE-2022-43549 was published Dec 6, 2022

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with...
Critical | Unreviewed | CVE-2022-35255 was published Dec 6, 2022

Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+...
Critical | Unreviewed | CVE-2022-40918 was published Dec 6, 2022

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that...
Critical | Unreviewed | CVE-2022-27773 was published Dec 6, 2022

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server....
Critical | Unreviewed | CVE-2022-38337 was published Dec 6, 2022

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure...
Critical | Unreviewed | CVE-2022-43515 was published Dec 5, 2022

ProTip! Advisories are also available from the GraphQL API.