Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

26,244 advisories

Loading
Apache Airflow Hive Provider Beeline remote code execution with Principal Critical
CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) Jul 3, 2023
tough-cookie Prototype Pollution vulnerability Moderate
CVE-2023-26136 was published for tough-cookie (npm) Jul 1, 2023
axi92
Credited to axi92
llhttp vulnerable to HTTP request smuggling High
CVE-2023-30589 was published for llhttp (npm) Jul 1, 2023
Remote Code Execution for 2.4.1 and earlier Critical
CVE-2023-36812 was published for net.opentsdb:opentsdb (Maven) Jun 30, 2023
oxeye-daniel oxeye-gal
Credited to oxeye-daniel and oxeye-gal
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects Moderate
CVE-2023-36807 was published for PyPDF2 (pip) Jun 30, 2023
MartinThoma
Credited to MartinThoma
PyPDF2 quadratic runtime with malformed PDF missing xref marker Moderate
CVE-2023-36810 was published for PyPDF2 (pip) Jun 30, 2023
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee Low
GHSA-w5w5-2882-47pc was published for github.com/cosmos/cosmos-sdk (Go) Jun 30, 2023
ahook
Credited to ahook
s2n-quic potential denial of service vulnerability when receiving empty UDP packets Moderate
GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) Jun 30, 2023
pipreqs vulnerable to Dependency Confusion Critical
CVE-2023-31543 was published for pipreqs (pip) Jun 30, 2023
hnswlib Double Free vulnerability Moderate
CVE-2023-37365 was published for hnswlib (pip) Jun 30, 2023
Upgrading doesn't prevent exploiting vulnerable XWiki documents Critical
CVE-2023-36468 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 30, 2023
XWiki Platform vulnerable to Code injection through NotificationRSSService Critical
CVE-2023-36469 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Jun 30, 2023
XWiki Platform vulnerable to Code Injection in icon themes Critical
CVE-2023-36470 was published for org.xwiki.platform:xwiki-platform-icon-default (Maven) Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted Critical
CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Jun 30, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
Credited to dblythy and mtrezza
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages Critical
CVE-2023-36477 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) Jun 30, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Credited to DVKunion
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF) Moderate
CVE-2023-23684 was published for wp-graphql/wp-graphql (Composer) Jun 30, 2023
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character Moderate
CVE-2023-36464 was published for PyPDF2 (pip) Jun 30, 2023
exiledkingcc
Credited to exiledkingcc
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients High
CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
artsploit
Credited to artsploit
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC Critical
CVE-2022-4361 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
magicOz
Credited to magicOz
Keycloak Untrusted Certificate Validation vulnerability Moderate
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) Jun 30, 2023
Client Spoofing within the Keycloak Device Authorisation Grant Low
CVE-2023-2585 was published for org.keycloak:keycloak-server-spi-private (Maven) Jun 30, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions Critical
CVE-2023-33190 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Credited to DVKunion
atty potential unaligned read Low
GHSA-g98v-hv3f-hcfr was published for atty (Rust) Jun 30, 2023
SamirTalwar typecasto
Credited to SamirTalwar and typecasto
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database