Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An... High Unreviewed
CVE-2022-42894 was published Nov 17, 2022
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application... High Unreviewed
CVE-2022-20958 was published Nov 4, 2022
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up... High Unreviewed
CVE-2022-3708 was published Oct 29, 2022
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Untrusted code execution in Apache XML Graphics Batik High
CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could... High Unreviewed
CVE-2022-36451 was published Oct 25, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability. High Unreviewed
CVE-2022-41040 was published Oct 4, 2022
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module High
CVE-2022-36551 was published for label-studio (pip) Oct 4, 2022
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation... High Unreviewed
CVE-2022-2352 was published Sep 27, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4... High Unreviewed
CVE-2022-38931 was published Sep 21, 2022
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS... High Unreviewed
CVE-2022-30579 was published Sep 21, 2022
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side... High Unreviewed
CVE-2022-38298 was published Sep 13, 2022
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and... High Unreviewed
CVE-2022-2633 was published Sep 7, 2022
4thline cling uPnP protocol issue can lead to denial of service High
CVE-2020-23622 was published for org.fourthline.cling:cling-core (Maven) Aug 16, 2022
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ... High Unreviewed
CVE-2022-37041 was published Aug 13, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... High Unreviewed
CVE-2022-31776 was published Aug 2, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor... High Unreviewed
CVE-2022-22982 was published Jul 14, 2022
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the... High Unreviewed
CVE-2022-2339 was published Jul 8, 2022
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not... High Unreviewed
CVE-2022-1977 was published Jun 28, 2022
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Server-Side Request Forgery in Jodd HTTP High
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022
Server-Side Request Forgery in gogs webhook High
CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022
am0o0
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host... High Unreviewed
CVE-2022-27780 was published Jun 3, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within... High Unreviewed
CVE-2021-40186 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database