Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,557 advisories

Loading
Path traversal in MLflow High
CVE-2023-6753 was published for mlflow (pip) Dec 13, 2023
Ansible template injection vulnerability Moderate
CVE-2023-5764 was published for ansible-core (pip) Dec 13, 2023
Elastic Beats inserts sensitive information into log file Moderate
CVE-2023-49922 was published for github.com/elastic/beats (Go) Dec 12, 2023
levinebw Credited to levinebw
Exposure of Sensitive Information in mltable Moderate
CVE-2023-35625 was published for mltable (pip) Dec 12, 2023
memory overflow vulnerability in OpenEXR-viewer Critical
CVE-2023-50245 was published for afichet/openexr-viewer (GitHub Actions) Dec 12, 2023
GAP-dev Credited to GAP-dev
Jinja2 template injection in mlflow High
CVE-2023-6709 was published for mlflow (pip) Dec 12, 2023
Duplicate Advisory: Privilege escalation in sap-xssec Critical
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 withdrawn
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 withdrawn
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg Credited to leon-vg
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go Critical
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 withdrawn
Password Change Vulnerability Moderate
CVE-2023-49804 was published for uptime-kuma (npm) Dec 12, 2023
manoonabbasi Credited to manoonabbasi
lakeFS logs S3 credentials in plain text High
GHSA-4rgc-5g6r-2rjf was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
User with permission to write actions can impersonate another user when auth token is configured in environment variable Moderate
GHSA-26hr-q2wp-rvc5 was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
nopcoder Credited to nopcoder and arielshaqed arielshaqed arielshaqed
SSRF & Credentials Leak High
CVE-2023-49799 was published for nuxt-api-party (npm) Dec 12, 2023
OhB00 Credited to OhB00
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 Moderate
CVE-2023-49798 was published for @openzeppelin/contracts (npm) Dec 12, 2023
Improper Input Validation in mindsdb Moderate
CVE-2023-49796 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska Credited to sylwia-budzynska
Server-Side Request Forgery in mindsdb Moderate
CVE-2023-49795 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska Credited to sylwia-budzynska
Always incorrect control flow in github.com/mojocn/base64Captcha Moderate
CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) Dec 12, 2023
Stale copy of the public suffix list Low
GHSA-w4x6-hh3x-wjrx was published for Gsemac.Net (NuGet) Dec 11, 2023
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL Credited to PawelJ-PL
DOS by abusing `fetchOptions.retry`. High
CVE-2023-49800 was published for nuxt-api-party (npm) Dec 11, 2023
OhB00 Credited to OhB00
Header spoofing in caddy-geo-ip Moderate
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023
Cross-site Scripting in Semantic MediaWiki Moderate
CVE-2022-48614 was published for mediawiki/semantic-media-wiki (Composer) Dec 10, 2023
Directory Traversal in JFinalCMS High
CVE-2023-50449 was published for com.jfinal:jfinal (Maven) Dec 10, 2023
PHPEMS Deserialization of Untrusted Data vulnerability Moderate
CVE-2023-6654 was published for phpems/phpems (Composer) Dec 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database