GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,204 advisories

Frontier's modexp precompile is slow for even modulus High
CVE-2023-28431 was published for pallet-evm-precompile-modexp (Rust) Mar 21, 2023
Credited to guidovranken
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
`cilium-cli` disables etcd authorization for clustermesh clusters Moderate
CVE-2023-28114 was published for github.com/cilium/cilium-cli (Go) Mar 21, 2023
Credited to giorio94
Xuxueli xxl-job allows attacker to obtain sensitive information via the pageList parameter High
CVE-2023-27087 was published for com.xuxueli:xxl-job (Maven) Mar 21, 2023
weixin-python XML External Entity vulnerability Critical
CVE-2018-25082 was published for weixin-python (pip) Mar 21, 2023
Teampass SQL Injection vulnerability High
CVE-2023-1545 was published for nilsteampassnet/teampass (Composer) Mar 21, 2023
Answer vulnerable to Authentication Bypass by Capture-replay Critical
CVE-2023-1537 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1536 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Business Logic Errors Moderate
CVE-2023-1542 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1535 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer has Guessable CAPTCHA Moderate
CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Business Logic Errors Low
CVE-2023-1541 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
CairoSVG improperly processes SVG files loaded from external resources High
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Credited to Im10n
kaml has potential denial of service while parsing input with anchors and aliases High
CVE-2023-28118 was published for com.charleskorn.kaml:kaml (Maven) Mar 20, 2023
Credited to gdude2002
NULL pointer dereference in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
svg-sanitizer has Cross-site Scripting Bypass Moderate
CVE-2023-28426 was published for enshrined/svg-sanitize (Composer) Mar 20, 2023 withdrawn
Credited to Im10n and ohader
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field Moderate
CVE-2023-28429 was published for pimcore/pimcore (Composer) Mar 20, 2023
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects Moderate
CVE-2023-1515 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents Moderate
CVE-2023-1517 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Apache Sling Resource Merger has Excessive Iteration vulnerability High
CVE-2023-26513 was published for org.apache.sling:org.apache.sling.resourcemerger (Maven) Mar 20, 2023
imgproxy Cross-site Scripting vulnerability Moderate
CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go) Mar 19, 2023
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023