GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 5,000+; Erlang 40; GitHub Actions 38; Go 2,786; Maven 5,000+; npm 4,393; NuGet 772; pip 4,166; Pub 12; RubyGems 965; Rust 1,073; Swift 45.
Unreviewed advisories (all unreviewed: 5,000+).
25,204 advisories, newest first:
CVE-2023-28609 (Critical): Ansible Semaphore mishandles authentication. Package: github.com/ansible-semaphore/semaphore (Go). Published Mar 18, 2023.
CVE-2023-26113 (High): Collection.js vulnerable to Prototype Pollution. Package: collection.js (npm). Published Mar 18, 2023.
CVE-2023-28115 (Critical): PHAR deserialization allowing remote code execution. Package: knplabs/knp-snappy (Composer). Published Mar 17, 2023.
CVE-2023-27595 (Moderate): Cilium eBPF filters may be temporarily removed during agent restart. Package: github.com/cilium/cilium (Go). Published Mar 17, 2023.
CVE-2023-27594 (Moderate): Potential network policy bypass when routing IPv6 traffic. Package: github.com/cilium/cilium (Go). Published Mar 17, 2023.
CVE-2023-27593 (Moderate): cilium-agent container can access the host via `hostPath` mount. Package: github.com/cilium/cilium (Go). Published Mar 17, 2023.
CVE-2023-28108 (High): Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model. Package: pimcore/pimcore (Composer). Published Mar 17, 2023.
CVE-2023-28106 (Moderate): Cross-site Scripting (XSS) in UrlSlug Data type. Package: pimcore/pimcore (Composer). Published Mar 17, 2023.
CVE-2023-28109 (Moderate): Authorization Bypass Through User-Controlled Key in play-with-docker. Package: github.com/play-with-docker/play-with-docker (Go). Published Mar 17, 2023.
CVE-2023-27494 (Moderate): Streamlit publishes previously-patched Cross-site Scripting vulnerability. Package: streamlit (pip). Published Mar 17, 2023.
CVE-2023-28113 (Moderate): russh may use insecure Diffie-Hellman keys. Package: russh (Rust). Published Mar 17, 2023.
CVE-2023-1463 (Moderate): Improper Authorization in nilsteampassnet/teampass. Package: nilsteampassnet/teampass (Composer). Published Mar 17, 2023.
CVE-2023-1454 (Critical): jeecg-boot SQL Injection vulnerability. Package: org.jeecgframework.boot:jeecg-boot-common (Maven). Published Mar 17, 2023.
CVE-2014-4920 (Moderate): Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails. Package: twitter-bootstrap-rails (RubyGems). Published Mar 16, 2023.
GHSA-2xpm-cmvw-3jcc (Moderate): Reflected XSS in Application Logger module. Package: pimcore/pimcore (Composer). Published Mar 16, 2023.
CVE-2023-1429 (Moderate): Cross-site Scripting (XSS) in Document Types. Package: pimcore/pimcore (Composer). Published Mar 16, 2023.
GHSA-rrwm-8wqm-gwgv (Moderate): Cross-site Scripting (XSS), stored, in Print Documents. Package: pimcore/pimcore (Composer). Published Mar 16, 2023.
CVE-2023-28105 (High): Go-huge-util vulnerable to path traversal when unzipping files. Package: github.com/dablelv/go-huge-util (Go). Published Mar 16, 2023.
CVE-2023-28104 (High): DDoS attack on GraphQL endpoints. Package: silverstripe/graphql (Composer). Published Mar 16, 2023.
CVE-2021-29456 (Moderate): Authelia allows open redirects on the logout endpoint. Package: github.com/authelia/authelia/v4 (Go). Published Mar 16, 2023.
CVE-2023-26484 (High): On a compromised node, the virt-handler service account can be used to modify all node specs. Package: kubevirt.io/kubevirt (Go). Published Mar 16, 2023.
CVE-2023-28155 (Moderate): Server-Side Request Forgery in Request. Package: @cypress/request (npm). Published Mar 16, 2023.
CVE-2023-27095 (Moderate): Exposure of Sensitive Information in OpenGoofy Hippo4j. Package: cn.hippo4j:hippo4j-core (Maven). Published Mar 16, 2023.
CVE-2023-27539 (Low): Possible Denial of Service Vulnerability in Rack's header parsing. Package: rack (RubyGems). Published Mar 15, 2023.
CVE-2023-28120 (Moderate): Possible XSS Security Vulnerability in SafeBuffer#bytesplice. Package: activesupport (RubyGems). Published Mar 15, 2023.
Advisories are also available from the GraphQL API.