
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,162 advisories

TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
Credited to MarkLee131
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
collective.dms.basecontent Cross-site Scripting vulnerability Moderate
CVE-2022-4495 was published for collective.dms.basecontent (pip) Dec 14, 2022
SCIFIO vulnerable to Path Traversal Critical
CVE-2022-4493 was published for io.scif:scifio (Maven) Dec 14, 2022
Apache Atlas: zip path traversal in import functionality High
CVE-2022-34271 was published for org.apache.atlas:apache-atlas (Maven) Dec 14, 2022
cycle-import-check vulnerable to Command Injection Critical
CVE-2022-24377 was published for cycle-import-check (npm) Dec 14, 2022
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
Credited to tdunlap607
Duplicate Advisory: .NET Framework Remote Code Execution Vulnerability. High
GHSA-9qcm-fqj9-93m4 was published for Microsoft.WindowsDesktop.App.Runtime.win-x64 (NuGet) Dec 13, 2022 withdrawn
Keycloak vulnerable to path traversal via double URL encoding Critical
CVE-2022-3782 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Keycloak vulnerable to session takeover with OIDC offline refreshtokens Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Credited to Flintholm
pgadmin4 vulnerable to Code Injection High
CVE-2022-4223 was published for pgadmin4 (pip) Dec 13, 2022
Denial of service by double-checked locking in openssl-src High
CVE-2022-3996 was published for openssl-src (Rust) Dec 13, 2022
Credited to AlmogApiiro and westonsteimel
Apache CXF Server-Side Request Forgery vulnerability Critical
CVE-2022-46364 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23520 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23519 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Moderate
CVE-2022-23518 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer High
CVE-2022-23517 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah Moderate
CVE-2022-23515 was published for loofah (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah High
CVE-2022-23514 was published for loofah (RubyGems) Dec 13, 2022
Authentication Bypass for passport-wsfed-saml2 Moderate
CVE-2022-23505 was published for passport-wsfed-saml2 (npm) Dec 13, 2022
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
Credited to ohader and darth-hader
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework High
CVE-2022-23503 was published for typo3/cms (Composer) Dec 13, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset Moderate
CVE-2022-23502 was published for typo3/cms (Composer) Dec 13, 2022
Credited to derhansen