Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

378 advisories

Loading
Minder trusts client-provided mapping from repo name to upstream ID Moderate
CVE-2024-27093 was published for github.com/stacklok/minder (Go) Feb 26, 2024
evankanderson
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module Moderate
GHSA-4j93-fm92-rp4m was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
dongsam sushiwushi
Privilege escalation for users that can access mock configuration Moderate
CVE-2023-6395 was published for templated_dictionary (pip) Jan 16, 2024
Duplicate Advisory: Microsoft Identity Denial of service vulnerability Moderate
GHSA-8g9c-28fc-mcx2 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024 withdrawn
morganbr brentschmaltz
GeoK keegan-caruso jennyf19 jmprieur
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
WSO2 API Manager allows attackers to change the API rating Moderate
CVE-2023-6835 was published for org.wso2.carbon.apimgt:forum (Maven) Dec 15, 2023
Cube API denial of service attack Moderate
CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) Dec 13, 2023
Denial of service caused by infinite recursion when parsing SVG images Moderate
CVE-2023-50262 was published for dompdf/dompdf (Composer) Dec 13, 2023
cod3beat
Improper Input Validation in mindsdb Moderate
CVE-2023-49796 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
DockerSpawner allows any image by default Moderate
CVE-2023-48311 was published for dockerspawner (pip) Dec 8, 2023
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass Moderate
CVE-2023-47106 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Benasin
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity Moderate
CVE-2023-48631 was published for @adobe/css-tools (npm) Nov 30, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via version Moderate
CVE-2023-49081 was published for aiohttp (pip) Nov 27, 2023
jnovikov
aiohttp's ClientSession is vulnerable to CRLF injection via method Moderate
CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023
jnovikov
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
OpenNMS Cross-site Scripting vulnerability Moderate
CVE-2023-40314 was published for org.opennms:opennms-webapp (Maven) Nov 17, 2023
Eclipse Glassfish remote code execution issue Moderate
CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) Nov 3, 2023
Eclipse Parsson Denial of Service vulnerability Moderate
CVE-2023-4043 was published for org.eclipse.parsson:project (Maven) Nov 3, 2023
Improper Input Validation in vriteio/vrite Moderate
CVE-2023-5571 was published for @vrite/sdk (npm) Oct 13, 2023
Apache Tomcat Improper Input Validation vulnerability Moderate
CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 mpihelgas
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
Improper Input Validation in nocodb Moderate
CVE-2023-5104 was published for nocodb (npm) Sep 21, 2023
HashiCorp Vault Improper Input Validation vulnerability Moderate
CVE-2023-4680 was published for github.com/hashicorp/vault (Go) Sep 15, 2023
Apache Commons Compress denial of service vulnerability Moderate
CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) Sep 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database