Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,614 advisories

Loading
thorsten/phpmyfaq vulnerable to improper access control Moderate
CVE-2023-1883 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to business logic errors High
CVE-2023-1887 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
G-Rath
Credited to G-Rath
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter High
CVE-2023-1880 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog High
CVE-2023-1878 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter Moderate
CVE-2023-1885 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export Moderate
CVE-2023-1756 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter Moderate
CVE-2023-1884 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter Moderate
CVE-2023-1879 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter High
CVE-2023-1757 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header High
CVE-2023-1881 was published for microweber/microweber (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter High
CVE-2023-1882 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Microweber vulnerable to command injection Moderate
CVE-2023-1877 was published for microweber/microweber (Composer) Apr 5, 2023
MyBatis-Plus vulnerable to SQL injection via TenantPlugin Critical
CVE-2023-25330 was published for com.baomidou:mybatis-plus (Maven) Apr 5, 2023
LangChain vulnerable to code injection Critical
CVE-2023-29374 was published for langchain (pip) Apr 5, 2023
Uvdesk vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2023-0325 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry teemingc dominikg
Credited to v1ktor0t, benmccann, Conduitry, teemingc, and dominikg
Docker Swarm encrypted overlay network may be unauthenticated High
CVE-2023-28840 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere quadespresso
cpuguy83 tianon neersighted laurazard akerouanton
Credited to corhere, quadespresso, cpuguy83, tianon, neersighted, laurazard, and akerouanton
Docker Swarm encrypted overlay network traffic may be unencrypted Moderate
CVE-2023-28841 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere cpuguy83
tianon laurazard akerouanton quadespresso neersighted
Credited to corhere, cpuguy83, tianon, laurazard, akerouanton, quadespresso, and neersighted
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated Moderate
CVE-2023-28842 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere neersighted
cpuguy83 tianon quadespresso laurazard akerouanton
Credited to corhere, neersighted, cpuguy83, tianon, quadespresso, laurazard, and akerouanton
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-19277 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd-ui (RubyGems) Apr 4, 2023
kenhys
Credited to kenhys
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database