GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,293
Erlang: 31
GitHub Actions: 21
Go: 2,061
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,423
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
24,090 advisories
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System...
Critical, Unreviewed. CVE-2022-28620 was published Jun 25, 2022

Path traversal in Concrete CMS
Critical. CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary...
Critical, Unreviewed. CVE-2022-31767 was published Jun 25, 2022

Weak default root user credentials allow remote attackers to easily obtain OS superuser...
Critical, Unreviewed. CVE-2022-1668 was published Jun 25, 2022

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical, Unreviewed. CVE-2022-2103 was published Jun 25, 2022

The www-data (Apache web server) account is configured to run sudo with no password for many...
Critical, Unreviewed. CVE-2022-2104 was published Jun 25, 2022

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path...
Critical, Unreviewed. CVE-2022-2119 was published Jun 25, 2022

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload...
Critical, Unreviewed. CVE-2022-1518 was published Jun 25, 2022

LRM does not restrict the types of files that can be uploaded to the affected product. A...
Critical, Unreviewed. CVE-2022-1519 was published Jun 25, 2022

SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection...
Critical, Unreviewed. CVE-2022-23170 was published Jun 25, 2022

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code...
Critical, Unreviewed. CVE-2022-1517 was published Jun 25, 2022

LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical, Unreviewed. CVE-2022-1521 was published Jun 25, 2022

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary...
Critical, Unreviewed. CVE-2021-38945 was published Jun 25, 2022

Client-side JavaScript controls may be bypassed to change user credentials and permissions...
Critical, Unreviewed. CVE-2022-2105 was published Jun 25, 2022

A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an...
Critical, Unreviewed. CVE-2021-39409 was published Jun 25, 2022

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution...
Critical, Unreviewed. CVE-2022-32996 was published Jun 25, 2022

The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via...
Critical, Unreviewed. CVE-2022-32999 was published Jun 25, 2022

The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the...
Critical, Unreviewed. CVE-2022-33001 was published Jun 25, 2022

The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code...
Critical, Unreviewed. CVE-2022-32997 was published Jun 25, 2022

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution...
Critical, Unreviewed. CVE-2022-33000 was published Jun 25, 2022

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution...
Critical, Unreviewed. CVE-2022-33002 was published Jun 25, 2022

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code...
Critical, Unreviewed. CVE-2022-32998 was published Jun 25, 2022

The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor...
Critical, Unreviewed. CVE-2022-33004 was published Jun 25, 2022

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor....
Critical, Unreviewed. CVE-2022-34060 was published Jun 25, 2022

The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor...
Critical, Unreviewed. CVE-2022-33003 was published Jun 25, 2022

ProTip! Advisories are also available from the GraphQL API