Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,873 advisories

phpMyAdmin CSRF Vulnerability High
CVE-2018-19969 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Plone SQL Injection Vulnerability High
CVE-2020-7939 was published for Plone (pip) May 24, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Keycloak Open Redirect Moderate
CVE-2018-14658 was published for org.keycloak:keycloak-core (Maven) May 13, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8390 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8385 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
Kubernetes arbitrary file overwrite Moderate
CVE-2018-1002100 was published for k8s.io/kubernetes (Go) May 13, 2022
Minikube RCE via DNS Rebinding High
CVE-2018-1002103 was published for k8s.io/minikube (Go) May 13, 2022
Podman Elevated Container Privileges High
CVE-2018-10856 was published for github.com/containers/podman/v4 (Go) May 13, 2022
Moodle sensitive information disclosure Moderate
CVE-2018-10889 was published for moodle/moodle (Composer) May 13, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE Moderate
CVE-2022-36083 was published for jose (npm) Sep 16, 2022
TomTervoort panva
Churro
Talos worker join token can be used to get elevated access level to the Talos API High
CVE-2022-36103 was published for github.com/talos-systems/talos (Go) Sep 16, 2022
smira
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` High
CVE-2022-36086 was published for linked_list_allocator (Rust) Sep 16, 2022
evanrichter
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter
OpenZeppelin Contracts ERC165Checker unbounded gas consumption Moderate
CVE-2022-35915 was published for @openzeppelin/contracts (npm) Aug 14, 2022
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
October CMS Local File Inclusion High
CVE-2018-1999009 was published for october/october (Composer) May 13, 2022
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
python-oslo-utils has improper password parsing Moderate
CVE-2022-0718 was published for oslo-utils (pip) Aug 29, 2022
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz DavidKorczynski
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Cockpit Content Platform vulnerable to 2FA bypass High
CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) Aug 16, 2022
Incomplete validation in signal ops leads to crashes in TensorFlow Moderate
CVE-2022-29213 was published for tensorflow (pip) May 24, 2022
Denial of service in `tf.ragged.constant` due to lack of validation Moderate
CVE-2022-29202 was published for tensorflow (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API