GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,244 advisories

Jenkins mabl Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-37951 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
iprange may panic when parsing ranges with invalid masks Moderate
GHSA-f99h-w337-mv56 was published for github.com/malfunkt/iprange (Go) Jul 12, 2023
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page Moderate
CVE-2023-37280 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 12, 2023
Credited to HackerUniverse
Apache Pulsar Incorrect Authorization vulnerability Critical
CVE-2023-30429 was published for org.apache.pulsar:pulsar (Maven) Jul 12, 2023
Apache Pulsar Function Worker Incorrect Authorization vulnerability Moderate
CVE-2023-37579 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Jul 12, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization High
CVE-2023-30428 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Apache Pulsar Broker Improper Authentication vulnerability Moderate
CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Apache Airflow Incorrect Authorization vulnerability High
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
Credited to sunSUNQ
RocketMQ NameServer component Code Injection vulnerability Critical
CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven) Jul 12, 2023
Apache Airflow Path Traversal vulnerability High
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
Credited to sunSUNQ
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-42009 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Ambari Expression Language Injection vulnerability High
CVE-2022-45855 was published for org.apache.ambari:ambari (Maven) Jul 12, 2023
Apache Airflow information disclosure vulnerability High
CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023
Apache Jena Expression Language Injection vulnerability High
CVE-2023-32200 was published for org.apache.jena:jena (Maven) Jul 12, 2023
Decidim Cross-site Scripting vulnerability in the external link redirections Moderate
CVE-2023-32693 was published for decidim (RubyGems) Jul 11, 2023
Credited to p-, alecslupu, ahukkanen, and andreslucena
Decidim Cross-site Scripting vulnerability in the processes filter High
CVE-2023-34089 was published for decidim (RubyGems) Jul 11, 2023
Credited to Alonsorossi, ahukkanen, and andreslucena
Decidim vulnerable to sensitive data disclosure High
CVE-2023-34090 was published for decidim (RubyGems) Jul 11, 2023
Credited to p-, ahukkanen, and alecslupu
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
Credited to catferq
Vendure Cross Site Request Forgery vulnerability impacting all API requests Low
GHSA-h9wq-xcqx-mqxm was published for @vendure/core (npm) Jul 11, 2023
Credited to Yaniv-git
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries Moderate
GHSA-2w8w-qhg4-f78j was published for github.com/jaegertracing/jaeger (Go) Jul 11, 2023
Credited to svennergr and ngo
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability High
CVE-2023-33127 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Jul 11, 2023
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability High
CVE-2023-33170 was published for Microsoft.AspNet.Identity.Owin (NuGet) Jul 11, 2023
Credited to DmitriyLewen and gillarramendi
tarteaucitron.js vulnerable to Cross-site Scripting Moderate
CVE-2023-3620 was published for tarteaucitronjs (npm) Jul 11, 2023
ProTip! Advisories are also available from the GraphQL API