GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,285
Erlang: 31
GitHub Actions: 21
Go: 2,057
Maven: 5,000+
npm: 3,742
NuGet: 668
pip: 3,422
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
24,082 advisories
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the...
Critical, Unreviewed. CVE-2022-34056 was published Jun 25, 2022

Improper handling of double quotes in file name in Diffy in Windows environment
Critical. CVE-2022-33127 was published for diffy (RubyGems) Jun 24, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be...
Critical, Unreviewed. CVE-2022-32534 was published Jun 24, 2022

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8,...
Critical, Unreviewed. CVE-2022-32554 was published Jun 24, 2022

SpEL Injection in Spring Data MongoDB
Critical. CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022

IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
Critical, Unreviewed. CVE-2022-31787 was published Jun 24, 2022

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker...
Critical, Unreviewed. CVE-2021-40954 was published Jun 24, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root...
Critical, Unreviewed. CVE-2022-32535 was published Jun 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and below was discovered to...
Critical, Unreviewed. CVE-2022-31361 was published Jun 24, 2022

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause...
Critical, Unreviewed. CVE-2021-26638 was published Jun 24, 2022

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,...
Critical, Unreviewed. CVE-2021-26636 was published Jun 24, 2022

There is no account authentication and permission check logic in the firmware and existing apps...
Critical, Unreviewed. CVE-2021-26637 was published Jun 24, 2022

Weave GitOps leaked cluster credentials into logs on connection errors
Critical. CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022

Unsafe yaml deserialization in NVFlare
Critical. CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022

Unsafe deserialisation in the PKI implementation scheme of NVFlare
Critical. CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31800 was published Jun 22, 2022

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31801 was published Jun 22, 2022

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected...
Critical, Unreviewed. CVE-2017-20067 was published Jun 22, 2022

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0...
Critical, Unreviewed. CVE-2022-31374 was published Jun 22, 2022

iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
Critical, Unreviewed. CVE-2022-29775 was published Jun 22, 2022

iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal.
Critical, Unreviewed. CVE-2022-29774 was published Jun 22, 2022

A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default...
Critical, Unreviewed. CVE-2022-33139 was published Jun 22, 2022

The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.
Critical, Unreviewed. CVE-2022-26147 was published Jun 22, 2022

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
Critical, Unreviewed. CVE-2022-2068 was published Jun 22, 2022

Argo CD's external URLs for Deployments can include JavaScript
Critical. CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022

ProTip! Advisories are also available from the GraphQL API.