GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
xmldom allows multiple root nodes in a DOM
Critical
CVE-2022-39353
was published
for
@xmldom/xmldom
(npm)
Nov 1, 2022
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
Shescape vulnerable to insufficient escaping of whitespace
Critical
CVE-2022-31180
was published
for
shescape
(npm)
Jul 15, 2022
Possible shell escape sequence injection vulnerability in Rack
Critical
CVE-2022-30123
was published
for
rack
(RubyGems)
May 27, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote
Critical
CVE-2021-42740
was published
for
shell-quote
(npm)
May 24, 2022
Improper path handling in kustomization files allows path traversal
Critical
CVE-2022-24877
was published
for
github.com/fluxcd/flux2
(Go)
May 4, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Incorrect Authorization in Apache Solr
Critical
CVE-2020-13957
was published
for
org.apache.solr:solr-parent
(Maven)
Feb 10, 2022
Improper Input Validation in simple_form
Critical
CVE-2019-16676
was published
for
simple_form
(RubyGems)
Sep 30, 2019
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
ProTip!
Advisories are also available from the
GraphQL API