GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,600 advisories

Unsafe tar unpacking in HashiCorp go-slug High
CVE-2020-29529 was published for github.com/hashicorp/go-slug (Go) Feb 6, 2023
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function Critical
CVE-2015-10073 was published for tinymighty/wiki-seo (Composer) Feb 6, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework High
CVE-2023-0669 was published for metasploit-framework (RubyGems) Feb 6, 2023 withdrawn
Credited to smcintyre-r7
Exposure of Sensitive Information in EVE-SRP Moderate
CVE-2020-36660 was published for EVE-SRP (pip) Feb 6, 2023
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function High
CVE-2022-25853 was published for semver-tags (npm) Feb 6, 2023
create-choo-app3 is vulnerable to Command Injection via the devInstall function High
CVE-2022-25855 was published for create-choo-app3 (npm) Feb 6, 2023
Cross-site Scripting in DaSchTour matomo-mediawiki-extension Moderate
CVE-2017-20175 was published for mediawiki/matomo (Composer) Feb 5, 2023
Sling App CMS Cross-site Scripting vulnerability Moderate
CVE-2023-22849 was published for org.apache.sling:org.apache.sling.cms (Maven) Feb 4, 2023
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection High
CVE-2022-45786 was published for apache-age-python (Go) Feb 4, 2023
Credited to oscerd
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
Cross-site Scripting in MobileDetect Moderate
CVE-2018-25080 was published for mobiledetect/mobiledetectlib (Composer) Feb 4, 2023
Cross-Site Request Forgery in XXL Job Moderate
CVE-2023-0674 was published for com.xuxueli:xxl-job (Maven) Feb 4, 2023
is-url Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25079 was published for is-url (npm) Feb 4, 2023
froxlor is vulnerable to privilege escalation from customer to root via directory-options High
CVE-2023-0671 was published for froxlor/froxlor (Composer) Feb 4, 2023
`tokio::io::ReadHalf<T>::unsplit` is Unsound Low
GHSA-4q83-7cq4-p6wg was published for tokio (Rust) Feb 4, 2023
Path Traversal in gin-vue-admin High
CVE-2022-47762 was published for github.com/flipped-aurora/gin-vue-admin (Go) Feb 3, 2023
Payment information sent to PayPal not necessarily identical to created order High
CVE-2023-23941 was published for swag/paypal (Composer) Feb 3, 2023
Insecure Permissions issue in jeecg-boot High
CVE-2021-37305 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) Feb 3, 2023
Insecure Permissions issue in jeecg-boot High
CVE-2021-37304 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) Feb 3, 2023
Cross site scripting in automad/automad Moderate
CVE-2021-37502 was published for automad/automad (Composer) Feb 3, 2023
Credited to marcantondahmen
Insecure Permissions issue in jeecg-boot High
CVE-2021-37306 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) Feb 3, 2023
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name Moderate
CVE-2023-23635 was published for jellyfin-web (npm) Feb 3, 2023
Jellyfin Web Cross-Site Scripting (XSS) via Playlist Name Moderate
CVE-2023-23636 was published for jellyfin-web (npm) Feb 3, 2023
wallabag subject to Improper Authorization via annotations Moderate
CVE-2023-0610 was published for wallabag/wallabag (Composer) Feb 2, 2023
Credited to bAuh0lz
wallabag contains Improper Authorization via export feature Moderate
CVE-2023-0609 was published for wallabag/wallabag (Composer) Feb 2, 2023
Credited to bAuh0lz
ProTip! Advisories are also available from the GraphQL API