Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,557 advisories

Loading
Arbitrary remote code execution within `wrangler dev` Workers sandbox Critical
CVE-2023-7080 was published for wrangler (npm) Jan 3, 2024
Lekensteyn Credited to Lekensteyn
Arbitrary remote file read in Wrangler dev server Moderate
CVE-2023-7079 was published for wrangler (npm) Jan 3, 2024
Lekensteyn Credited to Lekensteyn
The DES/3DES cipher was used as part of the TLS protocol by installation tools Low
GHSA-7xg2-83f8-39mr was published for github.com/karmada-io/karmada (Go) Jan 3, 2024
zhzhuang-zju Credited to zhzhuang-zju and yanfeng1992 yanfeng1992 yanfeng1992
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE Moderate
GHSA-gjhc-6xm7-mc8q was published for tinymce (npm) Jan 3, 2024 withdrawn
Duplicate Advisory: Denial of service in CBOR library High
GHSA-hf3r-vmrv-7w29 was published for PeterO.Cbor (NuGet) Jan 3, 2024 withdrawn
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins Moderate
GHSA-wxj2-777f-vxmf was published for tinymce (npm) Jan 3, 2024 withdrawn
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE Moderate
GHSA-q5pp-5q2h-g8rv was published for tinymce (npm) Jan 3, 2024 withdrawn
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json High
GHSA-8rfx-6mr3-5jh3 was published for Newtonsoft.Json (NuGet) Jan 3, 2024 withdrawn
CubeFS leaks users key in logs Moderate
CVE-2023-46742 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
CubeFS leaks magic secret key when starting Blobstore access service Moderate
CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
Insecure random string generator used for sensitive data High
CVE-2023-46740 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
CubeFS timing attack can leak user passwords High
CVE-2023-46739 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
Authenticated users can crash the CubeFS servers with maliciously crafted requests High
CVE-2023-46738 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
Apache InLong Manager Remote Code Execution vulnerability Critical
CVE-2023-51784 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
PaddlePaddle stack overflow in paddle.linalg.lu_unpack High
CVE-2023-52307 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle floating point exception in paddle.amin Moderate
CVE-2023-52308 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle floating point exception in paddle.topk Moderate
CVE-2023-52305 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle stack overflow in paddle.searchsorted High
CVE-2023-52304 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle floating point exception in paddle.argmin and paddle.argmax Moderate
CVE-2023-52313 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle floating point exception in paddle.lerp Moderate
CVE-2023-52306 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle heap buffer overflow in paddle.repeat_interleave High
CVE-2023-52309 was published for PaddlePaddle (pip) Jan 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database