Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,053
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,582 advisories

Loading
Answer subject to Cross-site Scripting vulnerability Critical
CVE-2023-0743 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer vulnerable to Race Condition Moderate
CVE-2023-0739 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag Moderate
CVE-2023-0735 was published for wallabag/wallabag (Composer) Feb 8, 2023
Cross-site Scripting (XSS) in wallabag/wallabag Moderate
CVE-2023-0736 was published for wallabag/wallabag (Composer) Feb 8, 2023
Panic due to malformed WALs in go.etcd.io/etcd Low
CVE-2020-15106 was published for go.etcd.io/etcd (Go) Feb 7, 2023
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
Denial of Service in dhowden/tag Moderate
CVE-2020-29242 was published for github.com/dhowden/tag (Go) Feb 7, 2023
golang.org/x/crypto/ssh Man-in-the-Middle attack High
CVE-2017-3204 was published for golang.org/x/crypto (Go) Feb 7, 2023
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data High
CVE-2023-25194 was published for org.apache.kafka:connect (Maven) Feb 7, 2023
MarkLee131
Credited to MarkLee131
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf Moderate
CVE-2023-23931 was published for cryptography (pip) Feb 7, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-4xgv-j62q-h3rj was published for github.com/pion/dtls (Go) Feb 7, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-hxp2-xqf3-v83h was published for github.com/pion/dtls (Go) Feb 7, 2023
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Credited to Ry0taK
Open Redirect in Caddy Moderate
CVE-2022-28923 was published for github.com/caddyserver/caddy/v2 (Go) Feb 7, 2023
J3rry-1729
Credited to J3rry-1729
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) Moderate
CVE-2018-1103 was published for github.com/openshift/source-to-image (Go) Feb 6, 2023
Improper Validation of Array Index in GJSON High
CVE-2020-36067 was published for github.com/tidwall/gjson (Go) Feb 6, 2023
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File Moderate
CVE-2020-8565 was published for k8s.io/client-go (Go) Feb 6, 2023
Kubernetes Sensitive Information leak via Log File Moderate
CVE-2020-8564 was published for github.com/kubernetes/kubernetes (Go) Feb 6, 2023
Unsafe tar unpacking in HashiCorp go-slug High
CVE-2020-29529 was published for github.com/hashicorp/go-slug (Go) Feb 6, 2023
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function Critical
CVE-2015-10073 was published for tinymighty/wiki-seo (Composer) Feb 6, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework High
CVE-2023-0669 was published for metasploit-framework (RubyGems) Feb 6, 2023 withdrawn
smcintyre-r7
Credited to smcintyre-r7
Exposure of Sensitive Information in EVE-SRP Moderate
CVE-2020-36660 was published for EVE-SRP (pip) Feb 6, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database