
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,600 advisories

Apache Linkis vulnerable to Exposure of Sensitive Information Moderate
CVE-2022-44644 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
Path traversal in ubi-reader Moderate
CVE-2023-0591 was published for ubi-reader (pip) Jan 31, 2023
Credited to qkaiser
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
Credited to tdunlap607
jSuites subject to Cross-site Scripting Moderate
CVE-2022-25979 was published for jsuites (npm) Jan 31, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
Eta vulnerable to Code Injection via templates rendered with user-defined data High
CVE-2022-25967 was published for eta (npm) Jan 30, 2023
Servst vulnerable to Path Traversal High
CVE-2022-25936 was published for servst (npm) Jan 30, 2023
Credited to lirantal
Withdrawn: safeurl-python contains Server-Side Request Forgery Moderate
GHSA-rw83-v3pw-m362 was published for safeurl-python (pip) Jan 30, 2023 withdrawn
Paranoidhttp Server-Side Request Forgery vulnerability High
CVE-2023-24623 was published for github.com/hakobe/paranoidhttp (Go) Jan 30, 2023
Froxlor contains Business Logic Errors Moderate
CVE-2023-0565 was published for froxlor/froxlor (Composer) Jan 30, 2023
Froxlor contains Static Code Injection Moderate
CVE-2023-0566 was published for froxlor/froxlor (Composer) Jan 30, 2023
Froxlor contains Unchecked Error Condition Moderate
CVE-2023-0572 was published for froxlor/froxlor (Composer) Jan 30, 2023
CImage Cross-site Scripting vulnerability Moderate
CVE-2016-15022 was published for mos/cimage (Composer) Jan 29, 2023
Publify contains Weak Password Requirements Moderate
CVE-2023-0569 was published for publify_core (RubyGems) Jan 29, 2023
JSZip contains Path Traversal via loadAsync Moderate
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
Froxlor contains Weak Password Requirements High
CVE-2023-0564 was published for froxlor/froxlor (Composer) Jan 29, 2023
NYUCCL psiTurk is vulnerable to Improper Neutralization of Special Elements High
CVE-2021-4315 was published for psiTurk (pip) Jan 29, 2023
Improper neutralization of `noscript` element content may allow XSS in Sanitize Moderate
CVE-2023-23627 was published for sanitize (RubyGems) Jan 28, 2023
Credited to leeN
Path Traversal In Eclipse GlassFish Moderate
CVE-2022-2712 was published for org.glassfish.main.web:web (Maven) Jan 27, 2023
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
Credited to whoissecure
DataFlow upload remote code execution vulnerability High
CVE-2021-41231 was published for openmage/magento-lts (Composer) Jan 27, 2023
Fix for authenticated remote code execution through layout update High
CVE-2021-41144 was published for openmage/magento-lts (Composer) Jan 27, 2023
Initial debug-host handler implementation could leak information and facilitate denial of service Moderate
GHSA-x477-fq37-q5wr was published for fortio.org/proxy (Go) Jan 27, 2023
DoS vulnerability in MaliciousCode filter Moderate
CVE-2023-23617 was published for openmage/magento-lts (Composer) Jan 27, 2023
ProTip! Advisories are also available from the GraphQL API