Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,557 advisories

Loading
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations Low
GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) Dec 6, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor Moderate
CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) Dec 6, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
Mattermost Injection vulnerability High
CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution Low
CVE-2023-49297 was published for PyDrive2 (pip) Dec 5, 2023
ejedev Credited to ejedev
tokio-boring vulnerable to resource exhaustion via memory leak Moderate
CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023
ehaydenr Credited to ehaydenr
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true Low
GHSA-x9qq-236j-gj97 was published for github.com/canonical/lxd (Go) Dec 5, 2023
p-ouellette Credited to p-ouellette and gshanbhag525 gshanbhag525 gshanbhag525
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload Moderate
CVE-2023-49293 was published for vite (npm) Dec 5, 2023
mxxk Credited to mxxk
github.com/ecies/go vulnerable to possible private key restoration High
CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) Dec 5, 2023
Merricx Credited to Merricx and savely-krasovsky savely-krasovsky savely-krasovsky
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection Critical
CVE-2023-49291 was published for tj-actions/branch-names (GitHub Actions) Dec 5, 2023
AdnaneKhan Credited to AdnaneKhan and R3x R3x R3x
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS Moderate
CVE-2023-49290 was published for github.com/lestrrat-go/jwx (Go) Dec 5, 2023
P3ngu1nW Credited to P3ngu1nW
Test code in published microsoft-graph-beta package exposes phpinfo() Moderate
GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer) Dec 5, 2023
Test code in published microsoft-graph-core package exposes phpinfo() Moderate
CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer) Dec 5, 2023
Test code in published microsoft-graph package exposes phpinfo() Moderate
CVE-2023-49282 was published for microsoft/microsoft-graph (Composer) Dec 5, 2023
Data leak of password hash through change requests High
CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023
michitux Credited to michitux
Elasticsearch-hadoop Unsafe Deserialization Moderate
CVE-2023-46674 was published for org.elasticsearch:elasticsearch-hadoop (Maven) Dec 5, 2023
jupyter-server errors include tracebacks with path information Moderate
CVE-2023-49080 was published for jupyter-server (pip) Dec 5, 2023
krsecu Credited to krsecu
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle Credited to ekle
Traefik vulnerable to potential DDoS via ACME HTTPChallenge Moderate
CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass Moderate
CVE-2023-47106 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Benasin Credited to Benasin
Cross-Site Request Forgery in JFinalCMS via /admin/div/update High
CVE-2023-49381 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus High
CVE-2023-49397 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete High
CVE-2023-49398 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete High
CVE-2023-49448 was published for com.jfinal:jfinal (Maven) Dec 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database