Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,873 advisories

oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken Moderate
GHSA-hrjv-pf36-jpmr was published for oqs (Rust) Aug 18, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles Moderate
CVE-2022-2256 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd High
GHSA-j92c-mmf7-j5x5 was published for github.com/cheqd/cheqd-node (Go) Oct 18, 2022
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Moderate
GHSA-2qc6-mcvw-92cw was published for nokogiri (RubyGems) Oct 18, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior Moderate
GHSA-gfgm-chr3-x6px was published for prettytable-rs (Rust) Dec 30, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz
PocketMine-MP invalid skin geometry JSON data leading to server crash High
GHSA-8cwq-4cmf-px73 was published for pocketmine/pocketmine-mp (Composer) Aug 18, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
Ibexa DXP users with the Company admin role can assign any role to any user Critical
GHSA-g6jc-xrc3-4wwq was published for ibexa/admin-ui (Composer) Nov 10, 2022
Redwood is vulnerable to account takeover via dbAuth "forgot-password" High
GHSA-3qmc-2r76-4rqp was published for @redwoodjs/api (npm) Nov 10, 2022
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname Critical
GHSA-7644-cxp8-h23r was published for ibexa/admin-ui (Composer) Nov 10, 2022
GraphQL queries can expose password hashes Critical
GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022
tranca
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS) Critical
GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user Critical
GHSA-394j-x37r-2q27 was published for ibexa/core (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-446q-xxg5-3vhh was published for ezsystems/repository-forms (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-pcpm-vc4v-cmvx was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-99r3-xmmq-7q7g was published for ezsystems/ezpublish-kernel (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-8h83-chh2-fchp was published for ezsystems/ezplatform-kernel (Composer) Nov 10, 2022
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/moby/moby (Go) Nov 11, 2022
leonwxqian corhere
neersighted
mofh Vulnerable to Improper Restriction of XML External Entity Reference Moderate
GHSA-7r9x-qrpr-3cxw was published for mofh (pip) Aug 11, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
Prometheus vulnerable to basic authentication bypass High
GHSA-4v48-4q5m-8vx4 was published for github.com/prometheus/prometheus (Go) Dec 5, 2022
chunklhit
DSInternals Credential Roaming Elevation of Privilege Vulnerability Moderate
GHSA-vx2x-9cff-fhjw was published for DSInternals.Common (NuGet) Dec 6, 2022
ProTip! Advisories are also available from the GraphQL API