GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
298 advisories
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical
CVE-2022-36663
was published
for
org.gluu:oxauth-common
(Maven)
Sep 7, 2022
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
Moderate
CVE-2022-0672
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Off-by-one error in simple-slab
High
CVE-2020-35893
was published
for
simple-slab
(Rust)
Aug 25, 2021
XSS vulnerability in Jenkins Gatling Plugin
Moderate
CVE-2020-2173
was published
for
org.jenkins-ci.plugins:gatling
(Maven)
May 24, 2022
Cross-Site Request Forgery in Drupal core
Moderate
CVE-2020-13674
was published
for
drupal/core
(Composer)
Feb 12, 2022
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High
CVE-2022-31179
was published
for
shescape
(npm)
Jul 15, 2022
Improper Access Control in github.com/treeverse/lakefs
Moderate
GHSA-m836-gxwq-j2pm
was published
for
github.com/treeverse/lakefs
(Go)
Oct 28, 2021
Uncontrolled Resource Consumption in asyncua and opcua
High
CVE-2022-25304
was published
for
asyncua
(pip)
Aug 24, 2022
Privilege escalation in Strongbox
Moderate
GHSA-mhgm-52vg-pvvc
was published
for
com.schibsted.security:strongbox-sdk
(Maven)
Feb 16, 2023
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
High
CVE-2022-2385
was published
for
sigs.k8s.io/aws-iam-authenticator
(Go)
Jul 13, 2022
Argo CD SSO users vulnerable to Cross-site Scripting
Low
CVE-2022-31102
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Cross-Site Scripting in webpack-bundle-analyzer
Moderate
GHSA-pgr8-jg6h-8gw6
was published
for
webpack-bundle-analyzer
(npm)
May 23, 2019
Space bug in `clean_text`
Moderate
GHSA-p2g9-94wh-65c2
was published
for
ammonia
(Rust)
Jun 16, 2022
Deserialization of Untrusted Data in ParlAI
Moderate
CVE-2021-24040
was published
for
parlai
(pip)
Sep 13, 2021
Uncontrolled Resource Consumption in github.com/google/fscrypt
Moderate
CVE-2022-25326
was published
for
github.com/google/fscrypt
(Go)
Feb 26, 2022
Cross-site Scripting Vulnerability in Action Pack
Moderate
CVE-2022-22577
was published
for
actionpack
(RubyGems)
Apr 27, 2022
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Regular Expression Denial of Service in moment
High
CVE-2017-18214
was published
for
moment
(npm)
Mar 5, 2018
Rundeck Community Edition vulnerable to Cross-site Scripting
Moderate
CVE-2019-6804
was published
for
org.rundeck:rundeck
(Maven)
May 13, 2022
OpenFGA Authorization Bypass
Moderate
CVE-2022-39352
was published
for
github.com/openfga/openfga
(Go)
Nov 8, 2022
ProTip!
Advisories are also available from the
GraphQL API