Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

23,358 advisories

Loading
Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module High
CVE-2022-28981 was published for com.liferay:com.liferay.headless.discovery.web (Maven) Sep 23, 2022
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP High
CVE-2022-40705 was published for soap:soap (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed High
CVE-2022-3274 was published for rdiffweb (pip) Sep 23, 2022
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
rdiffweb Cross-Site Request Forgery vulnerability Moderate
CVE-2022-3267 was published for rdiffweb (pip) Sep 23, 2022
Toast UI Grid vulnerable to Cross-site Scripting Moderate
CVE-2022-23458 was published for tui-grid (npm) Sep 23, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
sunSUNQ
Apache Airflow contains open redirect Moderate
CVE-2022-40754 was published for apache-airflow (pip) Sep 22, 2022
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type Low
CVE-2022-2872 was published for OctoPrint (pip) Sep 22, 2022
OctoPrint Improper Privilege Management vulnerability High
CVE-2022-3068 was published for OctoPrint (pip) Sep 22, 2022
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
Pimcore vulnerable to cross site scripting Moderate
CVE-2022-3255 was published for pimcore/pimcore (Composer) Sep 22, 2022
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted Low
CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
Missing hostname validation in Jenkins View26 Test-Reporting Plugin Moderate
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Stored XSS vulnerability in Jenkins DotCi Plugin High
CVE-2022-41239 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials Moderate
CVE-2022-41245 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting High
CVE-2022-41225 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) Sep 22, 2022
NotMyFault
Path traversal in Jenkins build-publisher Plugin Moderate
CVE-2022-41231 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Security Inspector plugin Moderate
CVE-2022-41236 was published for org.jenkins-ci.plugins:security-inspector (Maven) Sep 22, 2022
NotMyFault
Jenkins build-publisher plugin vulnerable to cross-site request forgery High
CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Walti plugin High
CVE-2022-41240 was published for org.jenkins-ci.plugins:walti (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database