Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,557 advisories

Loading
Potential CSV export data leak High
CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023
emilong Credited to emilong
nvdApiKey is logged in debug mode Low
GHSA-qqhq-8r2c-c3f5 was published for org.owasp:dependency-check-ant (Maven) Dec 15, 2023
hott-box Credited to hott-box
User accounts disclosed to unauthenticated actors on the LAN Moderate
CVE-2023-50715 was published for homeassistant (pip) Dec 15, 2023
r01k Credited to r01k
Apache StreamPark: Authenticated system users could trigger remote command execution Critical
CVE-2023-49898 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability Moderate
CVE-2023-30867 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning High
CVE-2023-6837 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework (Maven) Dec 15, 2023
WSO2 API Manager allows attackers to change the API rating Moderate
CVE-2023-6835 was published for org.wso2.carbon.apimgt:forum (Maven) Dec 15, 2023
WSO2 products vulnerable to XML External Entity attack Moderate
CVE-2023-6836 was published for org.wso2.am:wso2am (Maven) Dec 15, 2023
Bypass serialize checks in Apache Dubbo Critical
CVE-2023-29234 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Critical
CVE-2023-46279 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 High
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska Credited to sylwia-budzynska
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut Low
GHSA-3mv5-343c-w2qg was published for zerocopy (Rust) Dec 15, 2023
Full Table Permissions by Default High
GHSA-x5fr-7hhj-34j3 was published for surrealdb (Rust) Dec 15, 2023
LucyEgan Credited to LucyEgan
Path traversal in MLflow Critical
CVE-2023-6831 was published for mlflow (pip) Dec 15, 2023
Business Logic Errors in microweber/microweber Moderate
CVE-2023-6832 was published for microweber/microweber (Composer) Dec 15, 2023
Cross-site Scripting in @spscommerce/ds-react Critical
GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) Dec 15, 2023
shramko82 Credited to shramko82, knedev42, and jimthedev knedev42 knedev42
jimthedev jimthedev
Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven) Dec 15, 2023 withdrawn
Allocation of Resources Without Limits in Keycloak High
CVE-2023-6563 was published for org.keycloak:keycloak-model-jpa (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50100 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50101 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50137 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Cross-site Scripting in JFinalcms Moderate
CVE-2023-50102 was published for com.jfinal:jfinal (Maven) Dec 14, 2023
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database