GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,912 advisories

Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
Credited to sunSUNQ and westonsteimel
dd-plist XML External Entity vulnerability High
CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven) Feb 20, 2023
generator-hottowel Cross-site Scripting vulnerability Moderate
CVE-2016-15025 was published for generator-hottowel (npm) Feb 20, 2023
java-xmlbuilder vulnerable to XML External Entity Reference Critical
CVE-2014-125087 was published for com.jamesmurty.utils:java-xmlbuilder (Maven) Feb 19, 2023
Pixelfed may allow unauthorized actor to view private posts Moderate
CVE-2023-0914 was published for pixelfed/pixelfed (Composer) Feb 19, 2023
Pixelfed allows user enumeration via reset password functionality Moderate
CVE-2023-0901 was published for pixelfed/pixelfed (Composer) Feb 18, 2023
Cross-site Scripting in jspreadsheet Moderate
CVE-2022-48115 was published for jspreadsheet-ce (npm) Feb 18, 2023
Stored cross site scripting in changedetection.io Moderate
CVE-2023-24769 was published for changedetection.io (pip) Feb 18, 2023
Credited to edoardottt
Duplicate Advisory: Insecure Temporary File in RESTEasy Moderate
GHSA-jrmh-v64j-mjm9 was published for org.jboss.resteasy:resteasy-core (Maven) Feb 18, 2023 withdrawn
Credited to dovezp
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-23922 was published for moodle/moodle (Composer) Feb 17, 2023
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-23921 was published for moodle/moodle (Composer) Feb 17, 2023
Moodle Improper Access Control vulnerability High
CVE-2023-23923 was published for moodle/moodle (Composer) Feb 17, 2023
User data in TPM attestation vulnerable to MITM High
GHSA-r2h5-3hgw-8j34 was published for github.com/edgelesssys/constellation/v2 (Go) Feb 17, 2023
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
Server-Side Request Forgery in Plone CMS High
CVE-2021-33926 was published for Plone (pip) Feb 17, 2023
golang.org/x/net vulnerable to Uncontrolled Resource Consumption High
CVE-2022-41723 was published for golang.org/x/net (Go) Feb 17, 2023
Uncontrolled Resource Consumption in golang.org/x/image Moderate
CVE-2022-41727 was published for golang.org/x/image (Go) Feb 17, 2023
Code Injection in froxlor/froxlor High
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Misinterpretation of Input in thorsten/phpmyfaq Moderate
CVE-2023-0880 was published for thorsten/phpmyfaq (Composer) Feb 17, 2023
Uncontrolled Resource Consumption in Hashicorp Nomad Moderate
CVE-2023-0821 was published for github.com/hashicorp/nomad (Go) Feb 17, 2023
Data Amplification in HashiCorp go-getter Moderate
CVE-2023-0475 was published for github.com/hashicorp/go-getter (Go) Feb 16, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
Credited to crenshaw-dev
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
CVE-2023-23926 was published for org.neo4j.procedure:apoc-core (Maven) Feb 16, 2023
Credited to Lojjs
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Regular Expression Denial of Service in Headers High
CVE-2023-24807 was published for undici (npm) Feb 16, 2023
Credited to sno2