GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,873 advisories
Filter by severity
phpMyAdmin CSRF Vulnerability
High
CVE-2018-19969
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Nuclide Improper Input Validation
Critical
CVE-2018-6333
was published
for
nuclide
(npm)
May 13, 2022
Keycloak Open Redirect
Moderate
CVE-2018-14658
was published
for
org.keycloak:keycloak-core
(Maven)
May 13, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8390
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8385
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
Kubernetes arbitrary file overwrite
Moderate
CVE-2018-1002100
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Minikube RCE via DNS Rebinding
High
CVE-2018-1002103
was published
for
k8s.io/minikube
(Go)
May 13, 2022
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman/v4
(Go)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2018-10889
was published
for
moodle/moodle
(Composer)
May 13, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Moderate
CVE-2022-36083
was published
for
jose
(npm)
Sep 16, 2022
Talos worker join token can be used to get elevated access level to the Talos API
High
CVE-2022-36103
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
High
CVE-2022-36086
was published
for
linked_list_allocator
(Rust)
Sep 16, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Moderate
CVE-2022-35915
was published
for
@openzeppelin/contracts
(npm)
Aug 14, 2022
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Low
CVE-2022-38665
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
Aug 24, 2022
Byobu user preference to prevent private discussions being started are not respected
Low
CVE-2022-35921
was published
for
fof/byobu
(Composer)
Aug 6, 2022
October CMS Local File Inclusion
High
CVE-2018-1999009
was published
for
october/october
(Composer)
May 13, 2022
NocoDB vulnerable to Denial of Service
Moderate
CVE-2022-3423
was published
for
nocodb
(npm)
Oct 7, 2022
python-oslo-utils has improper password parsing
Moderate
CVE-2022-0718
was published
for
oslo-utils
(pip)
Aug 29, 2022
KubeEdge Cloud Stream and Edge Stream DoS from large stream message
Moderate
CVE-2022-31079
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge CloudCore Router memory exhaustion vulnerability
Moderate
CVE-2022-31078
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Incomplete validation in signal ops leads to crashes in TensorFlow
Moderate
CVE-2022-29213
was published
for
tensorflow
(pip)
May 24, 2022
Denial of service in `tf.ragged.constant` due to lack of validation
Moderate
CVE-2022-29202
was published
for
tensorflow
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API