Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,762
Maven
5,000+
npm
4,371
NuGet
767
pip
4,141
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,106 advisories

Loading
Ming-Soft MCMS vulnerable to SQL injection Critical
CVE-2020-20913 was published for net.mingsoft:ms-mcms (Maven) Apr 4, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter Moderate
CVE-2020-19698 was published for editor.md (npm) Apr 4, 2023
Etcd-io Improper Authentication vulnerability Critical
CVE-2021-28235 was published for go.etcd.io/etcd/v3 (Go) Apr 4, 2023
Directus API vulnerable to denial of service Moderate
CVE-2020-19850 was published for directus (npm) Apr 4, 2023
pimcore is vulnerable to cross-site scripting in Composite indices key field Moderate
CVE-2023-1703 was published for pimcore/pimcore (Composer) Apr 4, 2023
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers Moderate
GHSA-2qv5-7mw5-j3cg was published for spin (Rust) Apr 3, 2023
Silverstripe Form Capture vulnerable to stored cross-site-scripting Moderate
CVE-2023-28851 was published for andrewhaine/silverstripe-form-capture (Composer) Apr 3, 2023
tommcclymont jkylekelly
Credited to tommcclymont and jkylekelly
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files Moderate
CVE-2023-28837 was published for wagtail (pip) Apr 3, 2023
RealOrangeOne
Credited to RealOrangeOne
Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name Moderate
CVE-2023-28850 was published for pimcore/perspective-editor (Composer) Apr 3, 2023
cupc4k3
Credited to cupc4k3
ADMesh improper array index validation High
CVE-2022-38072 was published for admesh (pip) Apr 3, 2023
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views High
CVE-2023-28836 was published for wagtail (pip) Apr 3, 2023
thibaudcolas
Credited to thibaudcolas
Regular Expression Denial of Service in Deno.upgradeWebSocket API Moderate
CVE-2023-26103 was published for deno (Rust) Apr 3, 2023
dellalibera
Credited to dellalibera
Apache James server's JMX management service vulnerable to privilege escalation by local user High
CVE-2023-26269 was published for org.apache.james:javax-mail-extension (Maven) Apr 3, 2023
configobj ReDoS exploitable by developer using values in a server-side configuration file Low
CVE-2023-26112 was published for configobj (pip) Apr 3, 2023
timothestoifl24
Credited to timothestoifl24
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting High
CVE-2023-28679 was published for javagh.jenkins:mashup-portlets-plugin (Maven) Apr 2, 2023
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28680 was published for org.jenkins-ci.plugins:crap4j (Maven) Apr 2, 2023
Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks High
CVE-2023-28681 was published for org.jenkins-ci.plugins:vs-code-metrics (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery Moderate
CVE-2023-28674 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting High
CVE-2023-28670 was published for com.paul8620.jenkins.plugins:pipeline-aggregator-view (Maven) Apr 2, 2023
Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled Moderate
CVE-2023-28668 was published for org.jenkins-ci.plugins:role-strategy (Maven) Apr 2, 2023
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-28669 was published for org.jenkins-ci.plugins:jacoco (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture Moderate
CVE-2023-28672 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery High
CVE-2023-28676 was published for org.jenkins-ci.plugins:convert-to-pipeline (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database