GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,062 advisories

Timing attack in eZ Platform Ibexa Low
CVE-2022-48366 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Access control issue in ezsystems/ezpublish-kernel Critical
CVE-2022-48367 was published for ezsystems/ezpublish-kernel (Composer) Mar 12, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Cross Site Scripting in eZ Platform Ibexa Kernel Moderate
CVE-2021-46875 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
User account enumeration in eZ Publish Ibexa Kernel Moderate
CVE-2021-46876 was published for ezsystems/ezpublish-kernel (Composer) Mar 12, 2023
Crossplane-runtime contains Improper Input Validation via Compositions Moderate
CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) Mar 10, 2023
Credited to phisco, AdamKorcz, and DavidKorczynski
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 High
CVE-2023-28465 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 10, 2023
Credited to JLLeitschuh
Incorrect Authorization in Jenkins Core High
CVE-2023-27899 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel
Information disclosure through error stack traces related to agents Low
CVE-2023-27904 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel
Denial of service in Jenkins Core High
CVE-2023-27901 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel
Incorrect Permission Preservation in Jenkins Core Moderate
CVE-2023-27902 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel
Cross-site Scripting vulnerability in Jenkins High
CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel and yakirk
Denial of service in Jenkins Core Moderate
CVE-2023-27900 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel
Cross site scripting vulnerability in update-center2 Moderate
CVE-2023-27905 was published for org.jenkins-ci:update-center2 (Maven) Mar 10, 2023
Credited to yakirk
Incorrect Authorization in Jenkins Core Low
CVE-2023-27903 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
Credited to westonsteimel
stoqey/gnuplot is vulnerable to command injection Critical
CVE-2021-33360 was published for @stoqey/gnuplot (npm) Mar 10, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
Credited to jw123023 and AndrzejBiernacki2010
Funadmin vulnerable to SQL injection Critical
CVE-2023-24774 was published for funadmin/funadmin (Composer) Mar 10, 2023
cockpit-hq/cockpit is vulnerable to unrestricted file uploads High
CVE-2023-1313 was published for cockpit-hq/cockpit (Composer) Mar 10, 2023
pimcore is vulnerable to cross-site scripting Moderate
CVE-2023-1312 was published for pimcore/pimcore (Composer) Mar 10, 2023
Cross-site Scripting in django-ajax-utilities Moderate
CVE-2017-20182 was published for django-ajax-utilities (pip) Mar 10, 2023
Froxlor is vulnerable to authentication bypass Critical
CVE-2023-1307 was published for froxlor/froxlor (Composer) Mar 10, 2023
Constellation allows Emergency shell access during initramfs boot phase High
GHSA-6w5f-5wgr-qjg5 was published for github.com/edgelesssys/constellation/v2 (Go) Mar 9, 2023
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections Moderate
CVE-2023-0845 was published for github.com/hashicorp/consul (Go) Mar 9, 2023
Cross-site Scripting (XSS) in pimcore/pimcore Moderate
CVE-2023-1286 was published for pimcore/pimcore (Composer) Mar 9, 2023
ProTip! Advisories are also available from the GraphQL API