GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed (5,000+); Composer (4,299); Erlang (31); GitHub Actions (21); Go (2,065); Maven (5,000+); npm (3,744); NuGet (668); pip (3,425); Pub (12); RubyGems (892); Rust (877); Swift (36)
Unreviewed advisories: All unreviewed (5,000+)
24,117 advisories
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the...
Critical | Unreviewed | CVE-2022-34056 was published Jun 25, 2022

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-34054 was published Jun 25, 2022

The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via...
Critical | Unreviewed | CVE-2022-34059 was published Jun 25, 2022

The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-34057 was published Jun 25, 2022

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-34065 was published Jun 25, 2022

The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-33003 was published Jun 25, 2022

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This...
Critical | Unreviewed | CVE-2022-34064 was published Jun 25, 2022

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution...
Critical | Unreviewed | CVE-2022-34066 was published Jun 25, 2022

The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-33004 was published Jun 25, 2022

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor....
Critical | Unreviewed | CVE-2022-34060 was published Jun 25, 2022

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor...
Critical | Unreviewed | CVE-2022-34053 was published Jun 25, 2022

Improper handling of double quotes in file name in Diffy in Windows environment
Critical | CVE-2022-33127 was published for diffy (RubyGems) Jun 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and below was discovered to...
Critical | Unreviewed | CVE-2022-31361 was published Jun 24, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be...
Critical | Unreviewed | CVE-2022-32534 was published Jun 24, 2022

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker...
Critical | Unreviewed | CVE-2021-40954 was published Jun 24, 2022

SpEL Injection in Spring Data MongoDB
Critical | CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root...
Critical | Unreviewed | CVE-2022-32535 was published Jun 24, 2022

IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
Critical | Unreviewed | CVE-2022-31787 was published Jun 24, 2022

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8,...
Critical | Unreviewed | CVE-2022-32554 was published Jun 24, 2022

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,...
Critical | Unreviewed | CVE-2021-26636 was published Jun 24, 2022

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause...
Critical | Unreviewed | CVE-2021-26638 was published Jun 24, 2022

There is no account authentication and permission check logic in the firmware and existing apps...
Critical | Unreviewed | CVE-2021-26637 was published Jun 24, 2022

Weave GitOps leaked cluster credentials into logs on connection errors
Critical | CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022

Unsafe yaml deserialization in NVFlare
Critical | CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022

Unsafe deserialisation in the PKI implementation scheme of NVFlare
Critical | CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
ProTip! Advisories are also available from the GraphQL API.