GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,457 advisories
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44048 was published Nov 7, 2022
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44049 was published Nov 7, 2022
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-43305 was published Nov 7, 2022
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-43304 was published Nov 7, 2022
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44051 was published Nov 7, 2022
The d8s-networking for python, as distributed on PyPI, included a potential code-execution...
Critical | Unreviewed | CVE-2022-44050 was published Nov 7, 2022
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44052 was published Nov 7, 2022
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-44054 was published Nov 7, 2022
The d8s-networking for python, as distributed on PyPI, included a potential code-execution...
Critical | Unreviewed | CVE-2022-44053 was published Nov 7, 2022
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor...
Critical | Unreviewed | CVE-2022-43303 was published Nov 7, 2022
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part...
Critical | Unreviewed | CVE-2022-3878 was published Nov 7, 2022
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then...
Critical | Unreviewed | CVE-2022-42905 was published Nov 7, 2022
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that...
Critical | Unreviewed | CVE-2022-44796 was published Nov 7, 2022
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a...
Critical | Unreviewed | CVE-2022-3481 was published Nov 7, 2022
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when...
Critical | Unreviewed | CVE-2022-3463 was published Nov 7, 2022
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0...
Critical | Unreviewed | CVE-2022-44544 was published Nov 6, 2022
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring...
Critical | Unreviewed | CVE-2022-31691 was published Nov 5, 2022
A vulnerability classified as critical has been found in SourceCodester Sanitization Management...
Critical | Unreviewed | CVE-2022-3868 was published Nov 5, 2022
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE)...
Critical | Unreviewed | CVE-2022-40747 was published Nov 4, 2022
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application...
Critical | Unreviewed | CVE-2022-42744 was published Nov 4, 2022
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote...
Critical | Unreviewed | CVE-2022-22425 was published Nov 4, 2022
** UNSUPPORTED WHEN ASSIGNED ** Broken Access Control in User Authentication in Avaya Scopia...
Critical | Unreviewed | CVE-2022-38168 was published Nov 4, 2022
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function...
Critical | Unreviewed | CVE-2022-43109 was published Nov 3, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime...
Critical | Unreviewed | CVE-2022-43106 was published Nov 3, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter...
Critical | Unreviewed | CVE-2022-43101 was published Nov 3, 2022
ProTip! Advisories are also available from the GraphQL API.