GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

298 advisories

Remote command injection when using sendmail email transport (Moderate)
GHSA-wfrj-qqc2-83cm, published for ghost (npm), Sep 20, 2021. Credit: tdunlap607

Out-of-bounds Read in base64url (Moderate)
GHSA-rvg8-pwq2-xj7q, published for base64url (npm), Sep 1, 2020. Credit: tdunlap607

Improper Input Validation in sanitize-html (Moderate)
CVE-2021-26539, published for sanitize-html (npm), May 6, 2021. Credit: tdunlap607

Directory Traversal in serve (Moderate)
CVE-2018-3712, published for serve (npm), Jul 27, 2018. Credit: tdunlap607

SQL Injection via GeoJSON in sequelize (Critical)
CVE-2016-1000225, published for sequelize (npm), Sep 1, 2020. Credit: tdunlap607

Improper Authorization in aedes (Moderate)
CVE-2018-3778, published for aedes (npm), Aug 15, 2018. Credit: tdunlap607

Arbitrary file reads in HashiCorp Nomad (High)
CVE-2022-24683, published for github.com/hashicorp/nomad (Go), Feb 18, 2022. Credit: tdunlap607

Improper Verification of Cryptographic Signature in starkbank-ecdsa (Critical)
CVE-2021-43570, published for com.starkbank:starkbank-ecdsa (Maven), Nov 10, 2021. Credit: tdunlap607

Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch (High)
CVE-2022-2576, published for org.eclipse.californium:californium-core (Maven), Jul 30, 2022. Credit: tdunlap607

Calculation error in ark-r1cs-std (Critical)
CVE-2021-38194, published for ark-r1cs-std (Rust), Aug 25, 2021. Credit: tdunlap607

Path Traversal in decompress (Critical)
CVE-2020-12265, published for decompress (npm), Sep 3, 2020. Credit: tdunlap607

Capture-replay in Gitea (Critical)
CVE-2021-45327, published for github.com/go-gitea/gitea (Go), Feb 9, 2022. Credit: tdunlap607

Hashicorp Nomad Information Exposure Through Environmental Variables (Moderate)
CVE-2019-14802, published for github.com/hashicorp/nomad (Go), Feb 15, 2022. Credit: tdunlap607

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 (Moderate)
GHSA-6hgr-2g6q-3rmc, published for com.vaadin:flow-client (Maven), Apr 22, 2021. Credit: tdunlap607

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (Moderate)
CVE-2022-24904, published for github.com/argoproj/argo-cd/v2 (Go), May 23, 2022. Credit: crenshaw-dev, tdunlap607

Insecure Cryptography Algorithm in simple-crypto-js (Moderate)
GHSA-5v7r-jg9r-vq44, published for simple-crypto-js (npm), Sep 3, 2020. Credit: tdunlap607

Cross site scripting in safe-svg (Moderate)
CVE-2022-1091, published for darylldoyle/safe-svg (Composer), Apr 19, 2022. Credit: tdunlap607

JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable (Critical)
CVE-2022-32511, published for jmespath (RubyGems), Jun 7, 2022. Credit: plygrnd, tdunlap607

OHDSI WebAPI vulnerable to SQL Injection (Critical)
CVE-2019-15563, published for org.ohdsi:WebAPI (Maven), May 24, 2022. Credit: tdunlap607

Cross-site scripting (XSS) from field and configuration text displayed in the Panel (High)
CVE-2021-32735, published for getkirby/cms (Composer), Jul 2, 2021. Credit: hdodov, tdunlap607

Rosetta-Flash JSONP Vulnerability in hapi (Moderate)
CVE-2014-4671, published for hapi (npm), Aug 31, 2020. Credit: tdunlap607

Read of uninitialized memory in cdr (Critical)
CVE-2021-26305, published for cdr (Rust), Aug 25, 2021. Credit: tdunlap607

OpenFGA Authorization Bypass (Moderate)
CVE-2022-39352, published for github.com/openfga/openfga (Go), Nov 8, 2022. Credit: tdunlap607

Rundeck Community Edition vulnerable to Cross-site Scripting (Moderate)
CVE-2019-6804, published for org.rundeck:rundeck (Maven), May 13, 2022. Credit: tdunlap607
Advisories are also available programmatically from the GitHub GraphQL API.
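The following is an added example, not code from GitHub or from this page, showing how one of the advisories listed above can be pulled from the GraphQL API and flattened into the same fields the listing displays (ID, severity, ecosystem, package, publication date). It assumes the public endpoint https://api.github.com/graphql, the `securityAdvisory(ghsaId:)` query and a personal access token in the `GITHUB_TOKEN` environment variable. The sample response embedded at the bottom is constructed from the facts shown on the listing for the ghost advisory; its version range and patched-version fields are placeholders, not real advisory data, and the `null` patched version is there to exercise the no-fix-released branch.

```python
"""Fetch and flatten a GitHub security advisory via the GraphQL API.

Added example (not GitHub's or the page's own code). Assumes the public
endpoint and the `securityAdvisory` query; SAMPLE_RESPONSE is constructed.
"""
import json
import os
import urllib.request

GRAPHQL_ENDPOINT = "https://api.github.com/graphql"  # assumed public endpoint

# Query one advisory by GHSA ID. Field names follow GitHub's public schema.
ADVISORY_QUERY = """
query($ghsaId: String!) {
  securityAdvisory(ghsaId: $ghsaId) {
    ghsaId
    summary
    severity
    publishedAt
    withdrawnAt
    identifiers { type value }
    vulnerabilities(first: 10) {
      nodes {
        package { ecosystem name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
      }
    }
  }
}
"""


def fetch_advisory(ghsa_id, token):
    """POST the query with a token and return the decoded JSON body (network call)."""
    body = json.dumps({"query": ADVISORY_QUERY, "variables": {"ghsaId": ghsa_id}}).encode()
    req = urllib.request.Request(
        GRAPHQL_ENDPOINT,
        data=body,
        method="POST",
        headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(response):
    """Flatten a GraphQL response into one record per affected package.

    GraphQL errors arrive with HTTP 200, so they are checked explicitly and
    raised rather than silently yielding "no advisory". An unknown ID or a
    withdrawn advisory returns an empty list, which callers should treat as
    "no usable advisory", not as "package is safe".
    """
    if response.get("errors"):
        msgs = "; ".join(e.get("message", "?") for e in response["errors"])
        raise RuntimeError("GraphQL errors: " + msgs)
    adv = (response.get("data") or {}).get("securityAdvisory")
    if adv is None or adv.get("withdrawnAt"):
        return []
    cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
    rows = []
    for v in adv["vulnerabilities"]["nodes"]:
        patched = v.get("firstPatchedVersion")
        rows.append({
            "ghsa": adv["ghsaId"],
            "cve": cves[0] if cves else None,
            "severity": adv["severity"],
            "ecosystem": v["package"]["ecosystem"],
            "package": v["package"]["name"],
            "vulnerable": v["vulnerableVersionRange"],
            "patched": patched["identifier"] if patched else None,  # None: no fix released
            "published": adv["publishedAt"][:10],
        })
    return rows


# Constructed sample using only facts shown on the listing for the ghost advisory.
# The version range is a placeholder and firstPatchedVersion is deliberately null.
SAMPLE_RESPONSE = {
    "data": {
        "securityAdvisory": {
            "ghsaId": "GHSA-wfrj-qqc2-83cm",
            "summary": "Remote command injection when using sendmail email transport",
            "severity": "MODERATE",
            "publishedAt": "2021-09-20T00:00:00Z",
            "withdrawnAt": None,
            "identifiers": [{"type": "GHSA", "value": "GHSA-wfrj-qqc2-83cm"}],
            "vulnerabilities": {
                "nodes": [{
                    "package": {"ecosystem": "NPM", "name": "ghost"},
                    "vulnerableVersionRange": "PLACEHOLDER-RANGE",
                    "firstPatchedVersion": None,
                }]
            },
        }
    }
}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    data = fetch_advisory("GHSA-wfrj-qqc2-83cm", token) if token else SAMPLE_RESPONSE
    for row in summarize(data):
        print(row)
```

Without `GITHUB_TOKEN` set, the script runs entirely offline against the constructed sample; with a token it performs the real query. The `withdrawnAt` check matters in automation: a withdrawn advisory still resolves by ID, and treating it as a live finding produces false alerts.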