GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,600 advisories

Answer has Guessable CAPTCHA Moderate
CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1536 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1535 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Business Logic Errors Moderate
CVE-2023-1542 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
CairoSVG improperly processes SVG files loaded from external resources High
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Credited to Cyxow
kaml has potential denial of service while parsing input with anchors and aliases High
CVE-2023-28118 was published for com.charleskorn.kaml:kaml (Maven) Mar 20, 2023
Credited to gdude2002
NULL pointer dereference in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
svg-sanitizer has Cross-site Scripting Bypass Moderate
CVE-2023-28426 was published for enshrined/svg-sanitize (Composer) Mar 20, 2023 withdrawn
Credited to Cyxow and ohader
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field Moderate
CVE-2023-28429 was published for pimcore/pimcore (Composer) Mar 20, 2023
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects Moderate
CVE-2023-1515 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents Moderate
CVE-2023-1517 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Apache Sling Resource Merger has Excessive Iteration vulnerability High
CVE-2023-26513 was published for org.apache.sling:org.apache.sling.resourcemerger (Maven) Mar 20, 2023
imgproxy Cross-site Scripting vulnerability Moderate
CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go) Mar 19, 2023
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
Ansible Semaphore mishandles authentication Critical
CVE-2023-28609 was published for github.com/ansible-semaphore/semaphore (Go) Mar 18, 2023
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
Credited to psmoros and nightfury99
Cilium eBPF filters may be temporarily removed during agent restart Moderate
CVE-2023-27595 was published for github.com/cilium/cilium (Go) Mar 17, 2023
Credited to ldelossa, ti-mo, and aanm
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
Credited to ysksuzuki
cilium-agent container can access the host via `hostPath` mount Moderate
CVE-2023-27593 was published for github.com/cilium/cilium (Go) Mar 17, 2023
Credited to tasoskoutlis-f3, daniel-f3, and mag-ocz
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model High
CVE-2023-28108 was published for pimcore/pimcore (Composer) Mar 17, 2023
Cross-site Scripting (XSS) in UrlSlug Data type Moderate
CVE-2023-28106 was published for pimcore/pimcore (Composer) Mar 17, 2023
Authorization Bypass Through User-Controlled Key play-with-docker Moderate
CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go) Mar 17, 2023
Credited to cokeBeer
Streamlit publishes previously-patched Cross-site Scripting vulnerability Moderate
CVE-2023-27494 was published for streamlit (pip) Mar 17, 2023
ProTip! Advisories are also available from the GraphQL API