GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
34 advisories
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
ReDOS vulnerabities: multiple grammars
Moderate
GHSA-7wwv-vh3v-89cq
was published
for
@highlightjs/cdn-assets
(npm)
Dec 4, 2020
URL parsing in node-forge could lead to undesired behavior.
Low
GHSA-gf8q-jrpm-jvxq
was published
for
node-forge
(npm)
Jan 8, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
High
CVE-2022-24794
was published
for
express-openid-connect
(npm)
Mar 31, 2022
YARP Denial of Service Vulnerability
High
CVE-2022-26924
was published
for
Yarp.ReverseProxy
(NuGet)
Apr 22, 2022
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
High
CVE-2022-29546
was published
for
net.sourceforge.htmlunit:neko-htmlunit
(Maven)
Apr 26, 2022
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
High
CVE-2020-28472
was published
for
@aws-sdk/shared-ini-file-loader
(npm)
Nov 16, 2021
Arbitrary filesystem write access from velocity.
High
CVE-2022-24897
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 28, 2022
Shescape vulnerable to insufficient escaping of whitespace
Critical
CVE-2022-31180
was published
for
shescape
(npm)
Jul 15, 2022
Improper path handling in kustomization files allows path traversal
Critical
CVE-2022-24877
was published
for
github.com/fluxcd/flux2
(Go)
May 4, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
High
CVE-2022-24901
was published
for
parse-server
(npm)
May 4, 2022
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
Improper Privilege Management in Mattermost
Moderate
CVE-2022-1332
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Apr 14, 2022
Duplicate Advisory: Denial of Service due to parser crash
Low
GHSA-3mq5-fq9h-gj7j
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Sep 17, 2022
•
withdrawn
xmldom allows multiple root nodes in a DOM
Critical
CVE-2022-39353
was published
for
@xmldom/xmldom
(npm)
Nov 1, 2022
Kubernetes vulnerable to validation bypass
High
CVE-2022-3294
was published
for
github.com/kubernetes/kubernetes
(Go)
Mar 1, 2023
Improper Input Validation in GeoServer
High
CVE-2022-24847
was published
for
org.geoserver:gs-main
(Maven)
Apr 22, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Improper Input Validation in simple_form
Critical
CVE-2019-16676
was published
for
simple_form
(RubyGems)
Sep 30, 2019
Sprockets path traversal leads to information leak
High
CVE-2018-3760
was published
for
sprockets
(RubyGems)
Jun 20, 2018
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
Prototype Pollution in object-path
High
CVE-2021-3805
was published
for
object-path
(npm)
Sep 20, 2021
Possible shell escape sequence injection vulnerability in Rack
Critical
CVE-2022-30123
was published
for
rack
(RubyGems)
May 27, 2022
ProTip!
Advisories are also available from the
GraphQL API