GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,128 advisories
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
High | CVE-2023-36049 was published for System.Net.Requests (NuGet) | Nov 14, 2023

Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
High | CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) | Nov 8, 2023

Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High | CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) | Nov 3, 2023

Eclipse Glassfish remote code execution issue
Moderate | CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) | Nov 3, 2023

Eclipse Parsson Denial of Service vulnerability
Moderate | CVE-2023-4043 was published for org.eclipse.parsson:project (Maven) | Nov 3, 2023

Dolibarr Improper Input Validation vulnerability
High | CVE-2023-4197 was published for dolibarr/dolibarr (Composer) | Nov 1, 2023

Kubernetes privilege escalation vulnerability
High | CVE-2023-3955 was published for k8s.io/kubernetes (Go) | Oct 31, 2023

Kubernetes privilege escalation vulnerability
High | CVE-2023-3676 was published for k8s.io/kubernetes (Go) | Oct 31, 2023

Ingress nginx annotation injection causes arbitrary command execution
High | CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) | Oct 25, 2023

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High | CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) | Oct 25, 2023

Ingress-nginx path sanitization can be bypassed
High | CVE-2022-4886 was published for k8s.io/ingress-nginx (Go) | Oct 25, 2023

CSRF Token Reuse Vulnerability
Critical | CVE-2023-45128 was published for github.com/gofiber/fiber/v2 (Go) | Oct 17, 2023

Improper Input Validation in vriteio/vrite
Moderate | CVE-2023-5571 was published for @vrite/sdk (npm) | Oct 13, 2023

Magento Open Source has Improper Input Validation Vulnerability
Moderate | CVE-2023-26367 was published for magento/community-edition (Composer) | Oct 13, 2023

Magento Open Source allows Incorrect Authorization
Moderate | CVE-2023-38218 was published for magento/community-edition (Composer) | Oct 13, 2023

Apache Tomcat Improper Input Validation vulnerability
Moderate | CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Oct 10, 2023

Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate | CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) | Oct 10, 2023

Apache Avro Java SDK vulnerable to Improper Input Validation
High | CVE-2023-39410 was published for org.apache.avro:avro (Maven) | Sep 29, 2023

OpenCart Path Traversal vulnerability
High | CVE-2023-2315 was published for opencart/opencart (Composer) | Sep 27, 2023

Denial of Service issue in quinn-proto
High | CVE-2023-42805 was published for quinn-proto (Rust) | Sep 21, 2023

Improper Input Validation in nocodb
Moderate | CVE-2023-5104 was published for nocodb (npm) | Sep 21, 2023

Magento Open Source affected by Improper Input Validation
Moderate | CVE-2022-24093 was published for magento/community-edition (Composer) | Sep 18, 2023

HashiCorp Vault Improper Input Validation vulnerability
Moderate | CVE-2023-4680 was published for github.com/hashicorp/vault (Go) | Sep 15, 2023

Apache Commons Compress denial of service vulnerability
Moderate | CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) | Sep 14, 2023
ProTip! Advisories are also available from the GraphQL API.