GitHub Advisory Database
The latest security vulnerabilities from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 594; Go 268; Maven 985; npm 2,266; NuGet 164; pip 913; RubyGems 441; Rust 384
Unreviewed advisories: All unreviewed 3,515
5,985 advisories

Server side request forgery in @isomorphic-git/cors-proxy (High)
CVE-2021-23664 was published for @isomorphic-git/cors-proxy (npm) on Jan 26, 2022

Unhandled exception when decoding form response JSON (High)
GHSA-wjfq-88q2-r34j was published for pocketmine/pocketmine-mp (Composer) on Jan 21, 2022

Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP (Moderate)
GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) on Jan 21, 2022

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks (Critical)
CVE-2021-21386 was published for APKLeaks (pip) on Jan 21, 2022

Cross-site Scripting in microweber (High)
CVE-2022-0278 was published for microweber/microweber (Composer) on Jan 21, 2022

Improper Access Control in microweber (Moderate)
CVE-2022-0277 was published for microweber/microweber (Composer) on Jan 21, 2022

Exposure of Sensitive Information to an Unauthorized Actor in microweber (High)
CVE-2022-0281 was published for microweber/microweber (Composer) on Jan 21, 2022

Code Injection in microweber (Moderate)
CVE-2022-0282 was published for microweber/microweber (Composer) on Jan 21, 2022

Cross-site Scripting in pimcore (Moderate)
CVE-2022-0285 was published for pimcore/pimcore (Composer) on Jan 21, 2022

Improper Restriction of XML External Entity Reference in Skylot jadx (Moderate)
CVE-2022-0219 was published for io.github.skylot:jadx-core (Maven) on Jan 21, 2022

Invalid URL generation in bitlyshortener (Moderate)
GHSA-rcrv-228c-gprj was published for bitlyshortener (pip) on Jan 21, 2022

Insufficient Session Expiration in Pterodactyl API (Moderate)
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) on Jan 21, 2022

Authorization Bypass Through User-Controlled Key in LiveHelperChat (Moderate)
CVE-2022-0266 was published for remdex/livehelperchat (Composer) on Jan 21, 2022

Arbitrary code execution in H2 Console (Critical)
CVE-2022-23221 was published for com.h2database:h2 (Maven) on Jan 21, 2022

Cross-site Scripting OrchardCore.Application.Cms.Targets (Moderate)
CVE-2022-0274 was published for OrchardCore.Application.Cms.Targets (NuGet) on Jan 21, 2022

Incorrect Default Permissions in log4js (Moderate)
CVE-2022-21704 was published for log4js (npm) on Jan 21, 2022

Execution with Unnecessary Privileges in ipython (High)
CVE-2022-21699 was published for ipython (pip) on Jan 21, 2022

Memory leak in micronaut-core (Moderate)
CVE-2022-21700 was published for io.micronaut:micronaut-http (Maven) on Jan 21, 2022

Username spoofing in OnionShare (Moderate)
CVE-2022-21696 was published for onionshare-cli (pip) on Jan 21, 2022

Improper Access Control in Onionshare (Moderate)
CVE-2022-21695 was published for onionshare-cli (pip) on Jan 21, 2022

Incorrect Permission Assignment for Critical Resource in OnionShare (Low)
CVE-2022-21694 was published for onionshare-cli (pip) on Jan 21, 2022

Path traversal in Onionshare (Moderate)
CVE-2022-21693 was published for onionshare-cli (pip) on Jan 21, 2022

Improper Access Control in Onionshare (Moderate)
CVE-2022-21692 was published for onionshare-cli (pip) on Jan 21, 2022

Improper Access Control in Onionshare (Moderate)
CVE-2022-21691 was published for onionshare-cli (pip) on Jan 21, 2022

OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend (High)
CVE-2022-21690 was published for onionshare-cli (pip) on Jan 21, 2022