GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,128 advisories

Prevent injection of invalid entity ids for "autocomplete" fields Moderate
CVE-2023-41336 was published for symfony/ux-autocomplete (Composer) Sep 11, 2023
Credited to janklan
Magento affected by remote code execution vulnerability in the CMS page scheduled update feature Critical
CVE-2021-36021 was published for magento/community-edition (Composer) Sep 6, 2023
Apache Superset Improper Input Validation vulnerability Moderate
CVE-2023-39265 was published for apache-superset (pip) Sep 6, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
Credited to jkmartindale and ebickle
usememos/memos vulnerable to improper input validation High
CVE-2023-4698 was published for github.com/usememos/memos (Go) Sep 1, 2023
Filename spoofing in archive High
CVE-2023-39137 was published for archive (Pub) Aug 31, 2023
Credited to kj415j45
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS Moderate
CVE-2023-26364 was published for @adobe/css-tools (npm) Aug 29, 2023
Airflow Sqoop Provider RCE Vulnerability High
CVE-2023-27604 was published for apache-airflow-providers-apache-sqoop (pip) Aug 28, 2023
Apache Airflow Spark Provider Improper Input Validation vulnerability High
CVE-2023-40272 was published for apache-airflow-providers-apache-spark (pip) Aug 17, 2023
Woodpecker does not validate webhook before changing any data High
CVE-2023-40034 was published for github.com/woodpecker-ci/woodpecker (Go) Aug 16, 2023
Credited to anbraten and 6543
apache-airflow-providers-apache-drill Improper Input Validation vulnerability High
CVE-2023-39553 was published for apache-airflow-providers-apache-drill (pip) Aug 11, 2023
Credited to corrideat
PrestaShop file deletion via CustomerMessage Moderate
CVE-2023-39530 was published for prestashop/prestashop (Composer) Aug 9, 2023
Credited to kto94
PrestaShop file deletion via attachment API Moderate
CVE-2023-39529 was published for prestashop/prestashop (Composer) Aug 9, 2023
Credited to kto94
lol-html panics on certain HTML inputs High
CVE-2023-4241 was published for lol-html (Rust) Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
Denial of service in jackson-dataformat-toml High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-toml (Maven) Aug 8, 2023
Credited to Mochis and ryanmurf
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines Moderate
CVE-2023-38690 was published for matrix-appservice-irc (npm) Aug 4, 2023
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
Credited to sabina-talipova, bimthebam, and maxime-rainville
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
Credited to AdamKorcz, DavidKorczynski, and phisco
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability High
CVE-2023-37415 was published for apache-airflow-providers-apache-hive (pip) Jul 13, 2023
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation Moderate
CVE-2023-37948 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute (Maven) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023