Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,632 advisories

Loading
Gila CMS SQL Injection vulnerability Low
CVE-2020-26625 was published for gilacms/gila (Composer) Jan 3, 2024
Gila CMS SQL Injection vulnerability Low
CVE-2020-26624 was published for gilacms/gila (Composer) Jan 3, 2024
Winter CMS Local File Inclusion through Server Side Template Injection Low
CVE-2023-52085 was published for winter/wn-backend-module (Composer) Jan 2, 2024
Sanineng
Credited to Sanineng
Mattermost allows demoted guests to change group names Low
CVE-2023-50333 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 2, 2024
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
Winter CMS Stored XSS through Backend ColorPicker FormWidget Low
CVE-2023-52084 was published for winter/wn-backend-module (Composer) Dec 28, 2023
Sanineng
Credited to Sanineng
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming Low
CVE-2023-52083 was published for winter/wn-system-module (Composer) Dec 28, 2023
Cyber-Wo0dy
Credited to Cyber-Wo0dy
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Credited to abdikanipd
Authenticated Blind SSRF in automad/automad Low
CVE-2023-7037 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
Credited to marcantondahmen
Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad Low
CVE-2023-7035 was published for automad/automad (Composer) Dec 21, 2023 withdrawn
marcantondahmen
Credited to marcantondahmen
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation Low
CVE-2023-50708 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
Credited to rhertogh
nvdApiKey is logged in debug mode Low
GHSA-qqhq-8r2c-c3f5 was published for org.owasp:dependency-check-ant (Maven) Dec 15, 2023
hott-box
Credited to hott-box
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut Low
GHSA-3mv5-343c-w2qg was published for zerocopy (Rust) Dec 15, 2023
Broken access control in Silverpeas Low
CVE-2023-47320 was published for org.silverpeas.core:silverpeas-core-war (Maven) Dec 13, 2023
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer
Credited to Kircheneer
Stored XSS via SVG File Upload Low
CVE-2023-49279 was published for Umbraco.CMS (NuGet) Dec 13, 2023
S3ntago
Credited to S3ntago
Brute force exploit can be used to collect valid usernames Low
CVE-2023-49278 was published for Umbraco.CMS (NuGet) Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email. Low
CVE-2023-49274 was published for Umbraco.CMS (NuGet) Dec 13, 2023
emmagarland
Credited to emmagarland
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. Low
CVE-2023-49089 was published for Umbraco.CMS (NuGet) Dec 13, 2023
mjalt96
Credited to mjalt96
Backoffice User can bypass "Publish" restriction Low
CVE-2023-48227 was published for Umbraco.CMS (NuGet) Dec 13, 2023
roie-shmuel
Credited to roie-shmuel
Possible injection of HTML into user invite mails Low
CVE-2023-38694 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Stale copy of the public suffix list Low
GHSA-w4x6-hh3x-wjrx was published for Gsemac.Net (NuGet) Dec 11, 2023
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations Low
GHSA-99jv-8292-2hpm was published for knative.dev/eventing-gitlab (Go) Dec 8, 2023
dbt-core's secret env vars written to package-lock.json in plaintext Low
GHSA-j4g3-3q8x-jxqp was published for dbt-core (pip) Dec 8, 2023
jtcohen6 martynydbt
Credited to jtcohen6 and martynydbt
Microweber missing standardized error handling mechanism Low
CVE-2023-6599 was published for microweber/microweber (Composer) Dec 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database