Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,600 advisories

Loading
laravel-admin has Arbitrary File Upload vulnerability High
CVE-2023-24249 was published for encore/laravel-admin (Composer) Feb 27, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
Pimcore vulnerable to Cross-site Scripting Moderate
CVE-2023-1067 was published for pimcore/pimcore (Composer) Feb 27, 2023
frp_form_answers allows Cross-site Scripting Moderate
CVE-2023-26091 was published for frappant/frp-form-answers (Composer) Feb 26, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service High
GHSA-xr9w-x6gw-c9mj was published for deno (Rust) Feb 25, 2023 withdrawn
Denial of Service vulnerability in lite-web-server High
CVE-2023-26104 was published for lite-web-server (npm) Feb 25, 2023
lirantal
Credited to lirantal
Froxlor Cross-Site Request Forgery vulnerability High
CVE-2023-1033 was published for froxlor/froxlor (Composer) Feb 25, 2023
ecdh vulnerable to Exposure of Resource to Wrong Sphere High
CVE-2022-44310 was published for ecdh (npm) Feb 24, 2023
Sequelize - Default support for “raw attributes” when using parentheses Critical
CVE-2023-22578 was published for @sequelize/core (npm) Feb 24, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers
Credited to joshbressers
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
GHSA-9vx8-f5c4-862x was published for org.neo4j.procedure:apoc (Maven) Feb 24, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
Apache Airflow Sqoop Provider Improper Input Validation vulnerability Critical
CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability Critical
CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Apache Airflow Hive Provider Improper Input Validation vulnerability Critical
CVE-2023-25696 was published for apache-airflow-providers-apache-hive (pip) Feb 24, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability High
CVE-2023-25692 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information High
CVE-2023-25956 was published for apache-airflow-providers-amazon (pip) Feb 24, 2023
@braintree/sanitize-url Cross-site Scripting vulnerability Moderate
CVE-2022-48345 was published for @braintree/sanitize-url (npm) Feb 24, 2023
rangy vulnerable to Prototype Pollution High
CVE-2023-26102 was published for rangy (npm) Feb 24, 2023
RosarioSIS Improper Access Control vulnerability High
CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) Feb 24, 2023
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
gregsadetsky samueltc
Credited to gregsadetsky and samueltc
Cross-site Scripting in Quarkus Moderate
CVE-2023-0044 was published for io.quarkus:quarkus-vertx-http (Maven) Feb 23, 2023
Undertow client not checking server identity presented by server certificate in https connections Critical
CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023
fawind
Credited to fawind
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database