GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,062 advisories

NULL pointer dereference in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
svg-sanitizer has Cross-site Scripting Bypass Moderate
CVE-2023-28426 was published for enshrined/svg-sanitize (Composer) Mar 20, 2023 withdrawn
Credited to Im10n and ohader
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field Moderate
CVE-2023-28429 was published for pimcore/pimcore (Composer) Mar 20, 2023
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects Moderate
CVE-2023-1515 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents Moderate
CVE-2023-1517 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Apache Sling Resource Merger has Excessive Iteration vulnerability High
CVE-2023-26513 was published for org.apache.sling:org.apache.sling.resourcemerger (Maven) Mar 20, 2023
imgproxy Cross-site Scripting vulnerability Moderate
CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go) Mar 19, 2023
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
Ansible Semaphore mishandles authentication Critical
CVE-2023-28609 was published for github.com/ansible-semaphore/semaphore (Go) Mar 18, 2023
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
PHAR deserialization allowing remote code execution Critical
CVE-2023-28115 was published for knplabs/knp-snappy (Composer) Mar 17, 2023
Credited to psmoros and nightfury99
Cilium eBPF filters may be temporarily removed during agent restart Moderate
CVE-2023-27595 was published for github.com/cilium/cilium (Go) Mar 17, 2023
Credited to ldelossa, ti-mo, and aanm
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
Credited to ysksuzuki
cilium-agent container can access the host via `hostPath` mount Moderate
CVE-2023-27593 was published for github.com/cilium/cilium (Go) Mar 17, 2023
Credited to tasoskoutlis-f3, daniel-f3, and mag-ocz
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model High
CVE-2023-28108 was published for pimcore/pimcore (Composer) Mar 17, 2023
Cross-site Scripting (XSS) in UrlSlug Data type Moderate
CVE-2023-28106 was published for pimcore/pimcore (Composer) Mar 17, 2023
Authorization Bypass Through User-Controlled Key play-with-docker Moderate
CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go) Mar 17, 2023
Credited to cokeBeer
Streamlit publishes previously-patched Cross-site Scripting vulnerability Moderate
CVE-2023-27494 was published for streamlit (pip) Mar 17, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Credited to Holzhaus and lambdafu
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
jeecg-boot SQL Injection vulnerability Critical
CVE-2023-1454 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Mar 17, 2023
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails Moderate
CVE-2014-4920 was published for twitter-bootstrap-rails (RubyGems) Mar 16, 2023
Reflected XSS in Application Logger module Moderate
GHSA-2xpm-cmvw-3jcc was published for pimcore/pimcore (Composer) Mar 16, 2023
Credited to khanhchauminh
Cross-site Scripting (XSS) in Document Types Moderate
CVE-2023-1429 was published for pimcore/pimcore (Composer) Mar 16, 2023
Credited to khanhchauminh
Cross-site Scripting (XSS) - stored in Print Documents Moderate
GHSA-rrwm-8wqm-gwgv was published for pimcore/pimcore (Composer) Mar 16, 2023
Credited to vishnuraj-r
ProTip! Advisories are also available from the GraphQL API