GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,557 advisories

Mingsoft MCMS SQL injection High
CVE-2023-50578 was published for net.mingsoft:ms-mcms (Maven) Dec 30, 2023
JeecgBoot server-side template injection Critical
CVE-2023-41544 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL Injection Critical
CVE-2023-41543 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Jeecg Boot SQL injection vulnerability Critical
CVE-2023-41542 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Dec 30, 2023
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions High
CVE-2023-3629 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions High
CVE-2023-3628 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023
Miniflare vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2023-7078 was published for miniflare (npm) Dec 29, 2023
Credited to Lekensteyn
IPAddress Infinite Loop vulnerability (Disputed) Moderate
CVE-2023-50570 was published for com.github.seancfoley:ipaddress (Maven) Dec 29, 2023 withdrawn
Credited to mike-jumper
easy-rules-mvel vulnerable to remote code execution High
CVE-2023-50571 was published for org.jeasy:easy-rules-mvel (Maven) Dec 29, 2023
JLine vulnerable to out of memory error Moderate
CVE-2023-50572 was published for org.jline:jline-parent (Maven) Dec 29, 2023
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
ShifuML shifu code injection vulnerability Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) Dec 29, 2023
Winter CMS Stored XSS through Backend ColorPicker FormWidget Low
CVE-2023-52084 was published for winter/wn-backend-module (Composer) Dec 28, 2023
Credited to Sanineng
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming Low
CVE-2023-52083 was published for winter/wn-system-module (Composer) Dec 28, 2023
Credited to Cyber-Wo0dy
Infinispan circular object references causes out of memory errors High
CVE-2023-5236 was published for org.infinispan.protostream:protostream (Maven) Dec 28, 2023
Ansible symlink attack vulnerability Moderate
CVE-2023-5115 was published for ansible (pip) Dec 28, 2023
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Credited to Sim4n6
msgpackr's conversion of property names to strings can trigger infinite recursion High
CVE-2023-52079 was published for msgpackr (npm) Dec 28, 2023
Credited to o5k
ActiveAdmin CSV Injection leading to sensitive information disclosure Moderate
CVE-2023-51763 was published for activeadmin (RubyGems) Dec 28, 2023
Infinispan caches credentials in clear text Moderate
CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value Moderate
CVE-2023-6681 was published for jwcrypto (pip) Dec 28, 2023
json-path Out-of-bounds Write vulnerability Moderate
CVE-2023-51074 was published for com.jayway.jsonpath:json-path (Maven) Dec 27, 2023
Credited to phrabec and SunBK201
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function High
CVE-2023-51075 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
mvel2 TimeOut error exists in the ParseTools.subCompileExpression method Moderate
CVE-2023-51079 was published for org.mvel:mvel2 (Maven) Dec 27, 2023
hyavijava stack overflow vulnerability Critical
CVE-2023-51084 was published for com.github:hyavijava (Maven) Dec 27, 2023
ProTip! Advisories are also available from the GraphQL API