
GitHub Advisory Database

Security vulnerability database of CVEs and GitHub-originated security advisories covering open source software.

25,093 advisories

Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
Credited to philipturnbull
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
Credited to philipturnbull
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Critical
CVE-2023-20860 was published for org.springframework:spring (Maven) Mar 28, 2023
Credited to sunSUNQ and AndrzejBiernacki2010
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
Credited to luigigubello and plexus
Credited to brantburnett
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
Credited to volkflo
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting Moderate
CVE-2023-28604 was published for sitegeist/fluid-components (Composer) Mar 27, 2023
Podman Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2023-0778 was published for github.com/containers/podman/v4 (Go) Mar 27, 2023
Magento Open Source allows XML Injection High
CVE-2023-22247 was published for magento/community-edition (Composer) Mar 27, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-22251 was published for magento/community-edition (Composer) Mar 27, 2023
pgAdmin 4 vulnerable to directory traversal Moderate
CVE-2023-0241 was published for pgadmin4 (pip) Mar 27, 2023
Magento Open Source allows Improper Access Control Moderate
CVE-2023-22250 was published for magento/community-edition (Composer) Mar 27, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
TensorFlow Denial of Service vulnerability Moderate
CVE-2023-25661 was published for tensorflow (pip) Mar 27, 2023
Credited to dengyinlin
Complianz WordPress plugin vulnerable to cross-site scripting Moderate
CVE-2023-1069 was published for really-simple-plugins/complianz-gdpr (Composer) Mar 27, 2023
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module Moderate
CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data High
CVE-2023-27296 was published for org.apache.inlong:inlong-manager (Maven) Mar 27, 2023
Duplicate Advisory: pullit Command Injection vulnerability High
GHSA-2w9p-xf5h-qwj3 was published for pullit (npm) Mar 27, 2023 withdrawn
GraphQL Java vulnerable to stack consumption High
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
redis-py Race Condition due to incomplete fix High
CVE-2023-28859 was published for redis (pip) Mar 26, 2023
Credited to artoj-iceye and sreecharanguduri
redis-py Race Condition vulnerability Moderate
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
Credited to tristan-f-r
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
Credited to milo526
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/ High
GHSA-cpmr-mw4j-99r7 was published for label-studio (pip) Mar 24, 2023
Credited to c3l3si4n and farioas
`openssl` `X509NameBuilder::build` returned object is not thread safe Moderate
GHSA-3gxf-9r58-2ghg was published for openssl (Rust) Mar 24, 2023
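The listing above follows a fixed three-line shape per advisory (a title ending in its severity, a "<ID> was published for <package> (<ecosystem>) <date>" line with an optional "withdrawn" marker, and an optional "Credited to ..." line). The parser below turns that plain-text form into records and matches them against a dependency inventory. It is an added example, not GitHub's own tooling or API; the sample lines are copied from the listing on this page, while the dependency inventory, the `Advisory` record and the function names are constructed for this example.

```python
"""Parse a plain-text GitHub Advisory Database listing into records.

Added example (not GitHub tooling). Input format, as seen on the page:
  <title> <Severity>
  <GHSA-... | CVE-...> was published for <package> (<ecosystem>) <Mon D, YYYY>[ withdrawn]
  Credited to <handle>[ and <handle>]          (optional)
Bare reporter-handle lines and page chrome ("Loading") are skipped.
"""
import re
from dataclasses import dataclass, field
from datetime import date, datetime

TITLE_RE = re.compile(r"^(?P<title>.+?)\s+(?P<severity>Critical|High|Moderate|Low)$")
META_RE = re.compile(
    r"^(?P<id>GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}|CVE-\d{4}-\d{4,})"
    r" was published for (?P<package>.+?) \((?P<ecosystem>[^()]+)\) "
    r"(?P<date>[A-Z][a-z]{2} \d{1,2}, \d{4})(?P<withdrawn> withdrawn)?$"
)
CREDIT_RE = re.compile(r"^Credited to (?P<names>.+)$")


@dataclass
class Advisory:  # constructed record type for this example
    title: str
    severity: str
    advisory_id: str
    package: str
    ecosystem: str
    published: date
    withdrawn: bool = False
    credits: list = field(default_factory=list)

    @property
    def is_cve(self) -> bool:
        return self.advisory_id.startswith("CVE-")


def parse_listing(text: str) -> list:
    """A record is complete once the meta line following its title is seen."""
    advisories = []
    pending_title = None  # (title, severity) waiting for its meta line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = META_RE.match(line)
        if m and pending_title is not None:
            title, severity = pending_title
            advisories.append(Advisory(
                title=title, severity=severity, advisory_id=m["id"],
                package=m["package"], ecosystem=m["ecosystem"],
                published=datetime.strptime(m["date"], "%b %d, %Y").date(),
                withdrawn=m["withdrawn"] is not None))
            pending_title = None
            continue
        m = CREDIT_RE.match(line)
        if m and advisories:
            # "A and B" / "A, B and C" -> individual handles on the latest record
            names = re.split(r",\s*|\s+and\s+", m["names"])
            advisories[-1].credits.extend(n for n in names if n)
            continue
        m = TITLE_RE.match(line)
        if m:
            pending_title = (m["title"], m["severity"])
        # anything else (duplicated bare handles, page chrome) is ignored
    return advisories


def match_dependencies(advisories, deps):
    """Non-withdrawn advisories whose (ecosystem, package) appears in deps.

    Case-insensitive on purpose: ecosystems differ in case rules (npm names
    are lowercase-only, Maven coordinates are not), so normalise both sides.
    """
    wanted = {(eco.lower(), pkg.lower()) for eco, pkg in deps}
    return [a for a in advisories
            if not a.withdrawn and (a.ecosystem.lower(), a.package.lower()) in wanted]


# Sample lines copied from the listing on this page (including one bare
# reporter-handle line and page chrome, which the parser must skip).
SAMPLE_LISTING = """\
Loading
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
philipturnbull
Credited to philipturnbull
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Critical
CVE-2023-20860 was published for org.springframework:spring (Maven) Mar 28, 2023
Credited to sunSUNQ and AndrzejBiernacki2010
Podman Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2023-0778 was published for github.com/containers/podman/v4 (Go) Mar 27, 2023
Duplicate Advisory: pullit Command Injection vulnerability High
GHSA-2w9p-xf5h-qwj3 was published for pullit (npm) Mar 27, 2023 withdrawn
redis-py Race Condition due to incomplete fix High
CVE-2023-28859 was published for redis (pip) Mar 26, 2023
"""

# Constructed dependency inventory for the example (not from the page).
EXAMPLE_DEPS = [("pip", "redis"), ("npm", "pullit"),
                ("Maven", "org.springframework:spring"), ("pip", "requests")]

if __name__ == "__main__":
    for a in match_dependencies(parse_listing(SAMPLE_LISTING), EXAMPLE_DEPS):
        print(f"{a.advisory_id} {a.severity:<8} {a.ecosystem}/{a.package}: {a.title}")
```

Withdrawn entries (such as the duplicate pullit advisory) are kept in the parsed output so they can be audited, but `match_dependencies` drops them, since a withdrawn advisory should not raise a finding against a pinned package.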
Advisories are also available from the GraphQL API.