Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,557 advisories

Loading
Apache Airflow Cross-Site Request Forgery vulnerability Moderate
CVE-2023-49920 was published for apache-airflow (pip) Dec 21, 2023
bsock uses weak hashing algorithms Critical
CVE-2023-50475 was published for bsock (npm) Dec 21, 2023
Apache Airflow Improper Access Control vulnerability Moderate
CVE-2023-50783 was published for apache-airflow (pip) Dec 21, 2023
Apache Airflow has a stored cross-site scripting vulnerability Moderate
CVE-2023-47265 was published for apache-airflow (pip) Dec 21, 2023
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2023-48291 was published for apache-airflow (pip) Dec 21, 2023
Grails data binding causes JVM crash and/or other denial of service Moderate
CVE-2023-46131 was published for org.grails:grails-databinding (Maven) Dec 20, 2023
Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023 withdrawn
transformers has a Deserialization of Untrusted Data vulnerability High
CVE-2023-7018 was published for transformers (pip) Dec 20, 2023
MainWP Dashboard SQL Command Injection vulnerability High
CVE-2023-38519 was published for mainwp/mainwp (Composer) Dec 20, 2023
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
MLFlow Path Traversal Vulnerability Critical
CVE-2023-6975 was published for mlflow (pip) Dec 20, 2023
MLflow Local File Disclosure Vulnerability High
CVE-2023-6977 was published for mlflow (pip) Dec 20, 2023
MLflow Path Traversal Vulnerability High
CVE-2023-6976 was published for mlflow (pip) Dec 20, 2023
MLflow Server-Side Request Forgery (SSRF) Critical
CVE-2023-6974 was published for mlflow (pip) Dec 20, 2023
MLflow Path Traversal Vulnerability High
CVE-2023-6909 was published for mlflow (pip) Dec 20, 2023
Authentication bypass vulnerability in navidrome's subsonic endpoint High
CVE-2023-51442 was published for github.com/navidrome/navidrome (Go) Dec 19, 2023
crazygolem Credited to crazygolem
Expired tokens can be renewed without validating the account password High
GHSA-9wgg-m99q-hhfc was published for emailproxy (pip) Dec 19, 2023
Velocity execution without script right through tree macro High
CVE-2023-50732 was published for org.xwiki.platform:xwiki-platform-index-tree-macro (Maven) Dec 19, 2023
containerd allows RAPL to be accessible to a container Moderate
GHSA-7ww5-4wqc-m92c was published for github.com/containerd/containerd (Go) Dec 19, 2023
zhangzhics Credited to zhangzhics, garrisongys, and neersighted garrisongys garrisongys
neersighted neersighted
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
Apache Superset uncontrolled resource consumption Moderate
CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-49006 was published for phpsysinfo/phpsysinfo (Composer) Dec 19, 2023
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database