GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
24,603 advisories
Authorization Bypass Through User-Controlled Key play-with-docker
Moderate
CVE-2023-28109
was published
for
github.com/play-with-docker/play-with-docker
(Go)
Mar 17, 2023
russh may use insecure Diffie-Hellman keys
Moderate
CVE-2023-28113
was published
for
russh
(Rust)
Mar 17, 2023
Reflected XSS in Application Logger module
Moderate
GHSA-2xpm-cmvw-3jcc
was published
for
pimcore/pimcore
(Composer)
Mar 16, 2023
Cross-site Scripting (XSS) in Document Types
Moderate
CVE-2023-1429
was published
for
pimcore/pimcore
(Composer)
Mar 16, 2023
Cross-site Scripting (XSS) - stored in Print Documents
Moderate
GHSA-rrwm-8wqm-gwgv
was published
for
pimcore/pimcore
(Composer)
Mar 16, 2023
Go-huge-util vulnerable to path traversal when unzipping files
High
CVE-2023-28105
was published
for
github.com/dablelv/go-huge-util
(Go)
Mar 16, 2023
DDOS attack on graphql endpoints
High
CVE-2023-28104
was published
for
silverstripe/graphql
(Composer)
Mar 16, 2023
Authelia allows open redirects on the logout endpoint
Moderate
CVE-2021-29456
was published
for
github.com/authelia/authelia/v4
(Go)
Mar 16, 2023
On a compromised node, the virt-handler service account can be used to modify all node specs
High
CVE-2023-26484
was published
for
kubevirt.io/kubevirt
(Go)
Mar 16, 2023
Server-Side Request Forgery in Request
Moderate
CVE-2023-28155
was published
for
@cypress/request
(npm)
Mar 16, 2023
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
ONOS vulnerable to reflected cross-site scripting
Moderate
CVE-2023-24279
was published
for
org.onosproject:onos-archetypes
(Maven)
Mar 14, 2023
ProTip!
Advisories are also available from the
GraphQL API