GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,603 advisories

Karate has vulnerable dependency on json-smart package (CVE-2023-1370) High
GHSA-5x5q-8cgm-2hjq was published for com.intuit.karate:karate-core (Maven) Mar 31, 2023
Credited to kdefives
X-Forwarded-For header allows brute-forcing autoblocked IP addresses Critical
CVE-2023-29141 was published for mediawiki/core (Composer) Mar 31, 2023
Credited to Rudloff
Appwrite Server-Side Request Forgery vulnerability High
CVE-2023-27159 was published for appwrite/server-ce (Composer) Mar 31, 2023
request-baskets vulnerable to Server-Side Request Forgery Moderate
CVE-2023-27163 was published for github.com/darklynx/request-baskets (Go) Mar 31, 2023
OpenAPI Generator vulnerable to Server-Side Request Forgery Critical
CVE-2023-27162 was published for org.openapitools:openapi-generator-project (Maven) Mar 31, 2023
jeecg-boot vulnerable to improper authentication Critical
CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
Stud42 vulnerable to denial of service High
GHSA-3hwm-922r-47hw was published for atomys.codes/stud42 (Go) Mar 31, 2023
Credited to nullswan and 42atomys
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings Moderate
CVE-2023-1701 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to nhaanhaa
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings Moderate
CVE-2023-1702 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to nhaanhaa
pimcore is vulnerable to cross-site scripting in translate module Moderate
CVE-2023-1704 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to ghostbit11
Mattermost vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-1776 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost fails to properly authenticate inviter's permissions to private channel Moderate
CVE-2023-1774 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1775 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1777 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-1760 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Cross-site Scripting vulnerability Moderate
CVE-2023-1755 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ has weak password requirements Moderate
CVE-2023-1753 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-1759 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ vulnerable to improper input validation Moderate
CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Credited to aruneko
thorsten/phpmyfaq vulnerable to privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
jeecg-boot vulnerable to SQL injection Critical
CVE-2023-1741 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023