GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,600 advisories

Code Injection in froxlor/froxlor High
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Uncontrolled Resource Consumption in Hashicorp Nomad Moderate
CVE-2023-0821 was published for github.com/hashicorp/nomad (Go) Feb 17, 2023
Data Amplification in HashiCorp go-getter Moderate
CVE-2023-0475 was published for github.com/hashicorp/go-getter (Go) Feb 16, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
Credited to crenshaw-dev
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
CVE-2023-23926 was published for org.neo4j.procedure:apoc-core (Maven) Feb 16, 2023
Credited to Lojjs
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Regular Expression Denial of Service in Headers High
CVE-2023-24807 was published for undici (npm) Feb 16, 2023
Credited to sno2
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) High
CVE-2023-25653 was published for node-jose (npm) Feb 16, 2023
Credited to justaugustus and bifurcation
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler Moderate
CVE-2025-27098 was published for @graphql-mesh/cli (npm) Feb 16, 2023
Credited to ardatan and dotansimha
Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements Critical
GHSA-8mwq-mj73-qv68 was published for @sequelize/core (npm) Feb 16, 2023 withdrawn
Sequelize information disclosure vulnerability Moderate
CVE-2023-22580 was published for @sequelize/core (npm) Feb 16, 2023
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions High
GHSA-r3vq-92c6-3mqf was published for @sequelize/core (npm) Feb 16, 2023 withdrawn
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
Credited to AdamKorcz and DavidKorczynski
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
Credited to tdunlap607
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
Improper Restriction of Excessive Authentication Attempts in modoboa High
CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023
Cross-site Scripting in kimai/kimai Critical
CVE-2020-19825 was published for kimai/kimai (Composer) Feb 16, 2023
rttys SQL Injection vulnerability High
CVE-2022-38867 was published for github.com/zhaojh329/rttys (Go) Feb 16, 2023
Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions Moderate
CVE-2023-23850 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
CSRF vulnerability in Synopsys Jenkins Coverity Plugin Low
CVE-2023-23847 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials Moderate
CVE-2023-23848 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug Moderate
GHSA-76r7-h46w-463r was published for pimcore/pimcore (Composer) Feb 15, 2023
Credited to Sanket-722
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
Credited to mosaa404
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
Credited to das7pad