GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,368 advisories

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module Moderate
CVE-2022-38512 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented Moderate
CVE-2022-28977 was published for com.liferay.portal:com.liferay.util.java (Maven) Sep 23, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via Tag Name Moderate
CVE-2022-28982 was published for com.liferay:com.liferay.asset.taglib (Maven) Sep 23, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix Moderate
CVE-2022-28980 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module Moderate
CVE-2022-28979 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module Moderate
CVE-2022-28978 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module High
CVE-2022-28981 was published for com.liferay:com.liferay.headless.discovery.web (Maven) Sep 23, 2022
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP High
CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability Moderate
CVE-2022-3267 was published for rdiffweb (pip) Sep 23, 2022
Toast UI Grid vulnerable to Cross-site Scripting Moderate
CVE-2022-23458 was published for tui-grid (npm) Sep 23, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
Apache Airflow contains open redirect Moderate
CVE-2022-40754 was published for apache-airflow (pip) Sep 22, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type Low
CVE-2022-2872 was published for OctoPrint (pip) Sep 22, 2022
OctoPrint Improper Privilege Management vulnerability High
CVE-2022-3068 was published for OctoPrint (pip) Sep 22, 2022
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
Pimcore vulnerable to cross site scripting Moderate
CVE-2022-3255 was published for pimcore/pimcore (Composer) Sep 22, 2022
ProTip! Advisories are also available from the GraphQL API