GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,106 advisories

Answer vulnerable to account takeover because password reset links do not expire (Severity: High)
CVE-2023-1976 was published for github.com/answerdev/answer (Go) Apr 11, 2023

safe-eval vulnerable to Prototype Pollution via the safeEval function (Severity: Critical)
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023

safe-eval vulnerable to Sandbox Bypass due to improper input sanitization (Severity: Critical)
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023

yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability (Severity: High)
CVE-2023-1970 was published for yuan1994/tpadmin (Composer) Apr 10, 2023

yuan1994 tpAdmin vulnerable to Server-Side Request Forgery (Severity: Moderate)
CVE-2023-1971 was published for yuan1994/tpadmin (Composer) Apr 10, 2023

Flask-AppBuilder Has No Rate Limiting on Login AUTH DB (Severity: High)
CVE-2023-29005 was published for Flask-AppBuilder (pip) Apr 10, 2023

Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation (Severity: Moderate)
CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023

Apache Linkis JDBC EngineConn has deserialization vulnerability (Severity: Critical)
CVE-2023-29215 was published for org.apache.linkis:linkis-engineconn (Maven) Apr 10, 2023

Apache Linkis DatasourceManager module has deserialization vulnerability (Severity: Critical)
CVE-2023-29216 was published for org.apache.linkis:linkis-datasource (Maven) Apr 10, 2023

XXL-JOB vulnerable to Cross-site Scripting (Severity: Moderate)
CVE-2023-26120 was published for com.xuxueli:xxl-job (Maven) Apr 10, 2023

vm2 vulnerable to sandbox escape (Severity: Critical)
CVE-2023-29017 was published for vm2 (npm) Apr 7, 2023
Credited to seongil-wi and rectcoordsystem

ntru-rs has unsound FFI: Wrong API usage causes write past allocated area (Severity: Moderate)
GHSA-fq33-vmhv-48xh was published for ntru (Rust) Apr 7, 2023

SvelteKit framework has Insufficient CSRF protection for CORS requests (Severity: High)
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Credited to Ry0taK, benmccann, dominikg, and Conduitry

Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter (Severity: Moderate)
CVE-2023-29014 was published for io.goobi.viewer:viewer-core (Maven) Apr 7, 2023

Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments (Severity: Moderate)
CVE-2023-29015 was published for io.goobi.viewer:viewer-core (Maven) Apr 7, 2023

Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames (Severity: Moderate)
CVE-2023-29016 was published for io.goobi.viewer:viewer-core (Maven) Apr 7, 2023

Apache Airflow Hive Provider vulnerable to code injection (Severity: Critical)
CVE-2023-28706 was published for apache-airflow-providers-apache-hive (pip) Apr 7, 2023

Apache Airflow Spark Provider vulnerable to improper input validation (Severity: High)
CVE-2023-28710 was published for apache-airflow-providers-apache-spark (pip) Apr 7, 2023

Apache Airflow Drill Provider vulnerable to improper input validation (Severity: High)
CVE-2023-28707 was published for apache-airflow-providers-apache-drill (pip) Apr 7, 2023

xml2js is vulnerable to prototype pollution (Severity: Moderate)
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
Credited to nokarin-dev, OIRNOIR, simonkrol, Harrington-Joe_pfghub, and G-Rath

HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation (Severity: High)
CVE-2023-1782 was published for github.com/hashicorp/nomad (Go) Apr 5, 2023

thorsten/phpmyfaq vulnerable to improper access control (Severity: Moderate)
CVE-2023-1883 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023

thorsten/phpmyfaq vulnerable to business logic errors (Severity: High)
CVE-2023-1887 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Credited to G-Rath

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter (Severity: Moderate)
CVE-2023-1879 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023

thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter (Severity: Moderate)
CVE-2023-1884 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Advisories are also available from the GraphQL API.