Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23,835 advisories

Loading
Improper Certificate Validation in Liferay Portal Moderate
CVE-2022-42131 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Apache Airflow Contains Open Redirect Moderate
CVE-2022-45402 was published for apache-airflow (pip) Nov 15, 2022
sunSUNQ
Apache Jena vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-45136 was published for org.apache.jena:jena-sdb (Maven) Nov 14, 2022
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
Apache Airflow vulnerable to OS Command Injection via example DAGs High
CVE-2022-40127 was published for apache-airflow (pip) Nov 14, 2022
Apache Airflow subject to Exposure of Sensitive Information High
CVE-2022-27949 was published for apache-airflow (pip) Nov 14, 2022
sunSUNQ
Pillow subject to DoS via SAMPLESPERPIXEL tag High
CVE-2022-45199 was published for pillow (pip) Nov 14, 2022
Pillow vulnerable to Data Amplification attack. High
CVE-2022-45198 was published for pillow (pip) Nov 14, 2022
NodeBB vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-3978 was published for nodebb (npm) Nov 13, 2022
Matrix-appservice-irc vulnerable to sql injection via roomIds argument Moderate
CVE-2022-3971 was published for matrix-appservice-irc (npm) Nov 13, 2022
NukeView CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-3975 was published for nukeviet/nukeviet (Composer) Nov 13, 2022
ManyDesigns Portofino subject to creation of insecure temporary file High
CVE-2022-3952 was published for com.manydesigns:portofino (Maven) Nov 11, 2022
Snakeyaml vulnerable to Stack overflow leading to denial of service Moderate
CVE-2022-41854 was published for org.yaml:snakeyaml (Maven) Nov 11, 2022
peter-janssen p3pijn
atul-exabeam fabien-chebel sfblackl-intel
MessagePack for Golang subject to DoS via Unmarshal panic High
CVE-2022-41719 was published for github.com/shamaton/msgpack/v2 (Go) Nov 11, 2022
Arches vulnerable to execution of arbitrary SQL High
CVE-2022-41892 was published for arches (pip) Nov 11, 2022
sylwia-budzynska tdunlap607
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
leonwxqian corhere
neersighted
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-99r3-xmmq-7q7g was published for ezsystems/ezpublish-kernel (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-8h83-chh2-fchp was published for ezsystems/ezplatform-kernel (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-446q-xxg5-3vhh was published for ezsystems/repository-forms (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-pcpm-vc4v-cmvx was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user Critical
GHSA-g6jc-xrc3-4wwq was published for ibexa/admin-ui (Composer) Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user Critical
GHSA-394j-x37r-2q27 was published for ibexa/core (Composer) Nov 10, 2022
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname Critical
GHSA-7644-cxp8-h23r was published for ibexa/admin-ui (Composer) Nov 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database