GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,093 advisories

OpenAPI Generator vulnerable to Server-Side Request Forgery Critical
CVE-2023-27162 was published for org.openapitools:openapi-generator-project (Maven) Mar 31, 2023
jeecg-boot vulnerable to improper authentication Critical
CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
zstd vulnerable to buffer overrun High
CVE-2022-4899 was published for github.com/facebook/zstd (pip) Mar 31, 2023
Stud42 vulnerable to denial of service High
GHSA-3hwm-922r-47hw was published for atomys.codes/stud42 (Go) Mar 31, 2023
Credited to nullswan and 42atomys
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings Moderate
CVE-2023-1701 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to nhaanhaa
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings Moderate
CVE-2023-1702 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to nhaanhaa
pimcore is vulnerable to cross-site scripting in translate module Moderate
CVE-2023-1704 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to ghostbit11
Mattermost vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-1776 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1777 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1775 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost fails to properly authenticate inviter's permissions to private channel Moderate
CVE-2023-1774 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-1760 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Cross-site Scripting vulnerability Moderate
CVE-2023-1755 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-1759 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ has weak password requirements Moderate
CVE-2023-1753 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ vulnerable to improper input validation Moderate
CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Credited to aruneko
thorsten/phpmyfaq vulnerable to privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
jeecg-boot vulnerable to SQL injection Critical
CVE-2023-1741 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
unpoly-rails Denial of Service vulnerability Moderate
CVE-2023-28846 was published for unpoly-rails (RubyGems) Mar 30, 2023
Credited to codener, triskweline, moritz-makandra, and eheinle-mak
mindsdb arbitrary file write when extracting a remotely retrieved Tarball High
CVE-2023-30620 was published for mindsdb (pip) Mar 30, 2023
Credited to Sim4n6
Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed Critical
CVE-2023-28462 was published for fish.payara.server:payara-aggregator (Maven) Mar 30, 2023
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
Credited to ssst0n3
ProTip! Advisories are also available from the GraphQL API