GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,812 advisories

semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
Credited to mrgrain and G-Rath
XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel High
CVE-2023-35166 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Jun 20, 2023
Credited to ChrisRimmer
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template Critical
CVE-2023-35162 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 20, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email High
CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
Credited to renniepak
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults Critical
CVE-2023-35152 was published for org.xwiki.platform:xwiki-platform-like-ui (Maven) Jun 20, 2023
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application Critical
CVE-2023-35150 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Jun 20, 2023
XWiki Platform may retrieve email addresses of all users High
CVE-2023-34467 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Jun 20, 2023
Credited to floerer
XWiki Platform's tags on non-viewable pages can be revealed to users Moderate
CVE-2023-34466 was published for org.xwiki.platform:xwiki-platform-tag-api (Maven) Jun 20, 2023
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights Critical
CVE-2023-34465 was published for org.xwiki.platform:xwiki-platform-mail-send-default (Maven) Jun 20, 2023
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template Critical
CVE-2023-34464 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jun 20, 2023
Vega's validators able to submit duplicate transactions Moderate
CVE-2023-35163 was published for code.vegaprotocol.io/vega (Go) Jun 20, 2023
Credited to wwestgarth
netty-handler SniHandler 16MB allocation Moderate
CVE-2023-34462 was published for io.netty:netty-handler (Maven) Jun 20, 2023
Credited to vietj
Langchain vulnerable to arbitrary code execution Critical
CVE-2023-34541 was published for langchain (pip) Jun 20, 2023
Alluxio Cross Site Scripting vulnerability Moderate
CVE-2020-21485 was published for org.alluxio:alluxio-parent (Maven) Jun 20, 2023
Liufee CMS File Upload vulnerability Critical
CVE-2020-21489 was published for feehi/cms (Composer) Jun 20, 2023
liufee CMS File Upload vulnerability Critical
CVE-2020-21174 was published for feehi/cms (Composer) Jun 20, 2023
GilaCMS Cross Site Request Forgery vulnerability High
CVE-2020-20726 was published for gilacms/gila (Composer) Jun 20, 2023
Craft CMS vulnerable to HTML injection Moderate
CVE-2023-33495 was published for craftcms/cms (Composer) Jun 20, 2023
NodCMS Cross Site Scripting vulnerability Moderate
CVE-2020-20697 was published for khodakhah/nodcms (Composer) Jun 20, 2023
YiiCMS Cross Site Scripting vulnerability Moderate
CVE-2020-21246 was published for sheng/yiicms (Composer) Jun 20, 2023
AWS CDK EKS overly permissive trust policies Moderate
CVE-2023-35165 was published for @aws-cdk/aws-eks (npm) Jun 19, 2023
Credited to twelvemo and stefreak
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2023-3315 was published for org.jenkins-ci.plugins:teamconcert (Maven) Jun 19, 2023
ProTip! Advisories are also available from the GraphQL API