GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,475 advisories

Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service High
CVE-2023-48241 was published for org.xwiki.platform:xwiki-platform-search-solr-query (Maven) Nov 20, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
Credited to PinkDraconian
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
Credited to pdeslaur
Deserialization of Untrusted Data in apache-submarine Critical
CVE-2023-46302 was published for apache-submarine (pip) Nov 20, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40814 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40817 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40816 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40813 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Credited to MarkLee131
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40815 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40810 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40812 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40809 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
Inefficient Regular Expression Complexity in git-urls High
CVE-2023-46402 was published for github.com/whilp/git-urls (Go) Nov 18, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
Credited to PinkDraconian
LibreNMS has Broken Access control on Graphs Feature Moderate
CVE-2023-48294 was published for librenms/librenms (Composer) Nov 17, 2023
Credited to rook1337
LibreNMS Cross-site Scripting at Device groups Deletion feature Moderate
CVE-2023-48295 was published for librenms/librenms (Composer) Nov 17, 2023
Credited to rook1337
@vendure/core's insecure currencyCode handling allows wrong payment amounts Moderate
GHSA-wm63-7627-ch33 was published for @vendure/core (npm) Nov 17, 2023
Credited to seminarian
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file Critical
GHSA-x563-6hqv-26mr was published for ibis-framework (pip) Nov 17, 2023
Credited to pitrou
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
Credited to rook1337
Liferay Portal XSS with `p_l_back_url_title` on edit content page Critical
CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
Concrete CMS allows unauthorized access because directories can be created with insecure permissions Moderate
CVE-2023-48648 was published for concrete5/concrete5 (Composer) Nov 17, 2023
Concrete CMS Cross-site Scripting vulnerability Low
CVE-2023-48649 was published for concrete5/concrete5 (Composer) Nov 17, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
ProTip! Advisories are also available from the GraphQL API