GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
34 advisories
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
Denial of service in Open Policy Agent
High
CVE-2022-33082
was published
for
github.com/open-policy-agent/opa
(Go)
Jul 1, 2022
Shescape vulnerable to insufficient escaping of whitespace
Critical
CVE-2022-31180
was published
for
shescape
(npm)
Jul 15, 2022
Duplicate Advisory: Denial of Service due to parser crash
Low
GHSA-3mq5-fq9h-gj7j
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Sep 17, 2022
•
withdrawn
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
xmldom allows multiple root nodes in a DOM
Critical
CVE-2022-39353
was published
for
@xmldom/xmldom
(npm)
Nov 1, 2022
Apache Spark vulnerable to Log Injection
Moderate
CVE-2022-31777
was published
for
org.apache.spark:spark-core
(Maven)
Nov 1, 2022
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
Kubernetes vulnerable to validation bypass
High
CVE-2022-3294
was published
for
github.com/kubernetes/kubernetes
(Go)
Mar 1, 2023
ProTip!
Advisories are also available from the
GraphQL API