GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,638 advisories

Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Credited to Creastery
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
Apache Superset vulnerable to Improper Authorization Moderate
CVE-2023-27525 was published for apache-superset (pip) Apr 17, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
Credited to MarkLee131
Parsing borsh messages with ZST which are not-copy/clone is unsound Moderate
GHSA-fjx5-qpf4-xjf2 was published for borsh (Rust) Apr 17, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
Credited to pan3793
Mailman Core vulnerable to timing attacks High
CVE-2021-34337 was published for mailman (pip) Apr 15, 2023
alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-2102 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
Improper Restriction of Excessive Authentication Attempts in calibreweb Moderate
CVE-2022-2525 was published for calibreweb (pip) Apr 15, 2023
alextselegidis/easyappointments Session Fixation vulnerability Moderate
CVE-2023-2105 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
alextselegidis/easyappointments Improper Access Control vulnerability Moderate
CVE-2023-2104 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-2103 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
Weak Password Requirements in calibreweb High
CVE-2023-2106 was published for calibreweb (pip) Apr 15, 2023
Snowflake JDBC vulnerable to command injection via SSO URL authentication High
CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) Apr 14, 2023
matrix-js-sdk vulnerable to invisible eavesdropping in group calls Moderate
CVE-2023-29529 was published for matrix-js-sdk (npm) Apr 14, 2023
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type Critical
CVE-2023-2034 was published for froxlor/froxlor (Composer) Apr 14, 2023
Spring Session session ID can be logged to the standard output stream Moderate
CVE-2023-20866 was published for org.springframework.session:spring-session-core (Maven) Apr 13, 2023
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
Credited to amita-seal and sunSUNQ
SpiceDB binding metrics port to untrusted networks and can leak command-line flags High
CVE-2023-29193 was published for github.com/authzed/spicedb (Go) Apr 13, 2023
Credited to amit-laish
nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2023-2021 was published for nilsteampassnet/teampass (Composer) Apr 13, 2023
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation High
CVE-2022-45064 was published for org.apache.sling:org.apache.sling.engine (Maven) Apr 13, 2023
Microweber vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-2014 was published for microweber/microweber (Composer) Apr 13, 2023
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro High
CVE-2023-29207 was published for org.xwiki.platform:xwiki-platform-flamingo (Maven) Apr 12, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-29199 was published for vm2 (npm) Apr 12, 2023
Credited to leesh3288