GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,062 advisories

node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel (Critical)
CVE-2023-26109 was published for node-bluetooth-serial-port (npm) Mar 9, 2023

builderio/qwik is vulnerable to code injection (Critical)
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023

SQL Injection in Funadmin (Critical)
CVE-2023-24777 was published for funadmin/funadmin (Composer) Mar 9, 2023

wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64 (Critical)
CVE-2023-26489 was published for cranelift-codegen (Rust) Mar 9, 2023
Credited to alexcrichton

wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64 (Low)
CVE-2023-27477 was published for cranelift-codegen (Rust) Mar 9, 2023
Credited to afonso360

SQL Injection in Funadmin (Critical)
CVE-2023-24782 was published for funadmin/funadmin (Composer) Mar 8, 2023

SQL Injection in Funadmin (Critical)
CVE-2023-24773 was published for funadmin/funadmin (Composer) Mar 8, 2023

Rack has possible DoS Vulnerability in Multipart MIME parsing (High)
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023

XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference (High)
CVE-2023-27480 was published for org.xwiki.platform:xwiki-platform-xar-model (Maven) Mar 8, 2023

org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection (Critical)
CVE-2023-27479 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Mar 8, 2023

Directus vulnerable to extraction of password hashes through export querying (Moderate)
CVE-2023-27481 was published for directus (npm) Mar 8, 2023
Credited to erik921 and wgorecki

Easy!Appointments uses hard-coded credentials (Critical)
CVE-2023-1269 was published for alextselegidis/easyappointments (Composer) Mar 8, 2023

Apache Dubbo vulnerable to Deserialization of Untrusted Data (Critical)
CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven) Mar 8, 2023
Credited to loganaden

SQL Injection in Funadmin (Critical)
CVE-2023-24780 was published for funadmin/funadmin (Composer) Mar 8, 2023

OWSLib vulnerable to XML External Entity (XXE) Injection (High)
CVE-2023-27476 was published for OWSLib (pip) Mar 7, 2023
Credited to jorgectf

Goutil vulnerable to path traversal when unzipping files (High)
CVE-2023-27475 was published for github.com/gookit/goutil (Go) Mar 7, 2023
Credited to cokeBeer

directus vulnerable to HTML Injection in Password Reset email to custom Reset URL (High)
CVE-2023-27474 was published for directus (npm) Mar 7, 2023
Credited to tofran

Maligned causes incorrect deallocation (Moderate)
GHSA-wm8x-php5-hvq6 was published for maligned (Rust) Mar 7, 2023

Buildkit credentials inlined to Git URLs could end up in provenance attestation (Moderate)
CVE-2023-26054 was published for github.com/moby/buildkit (Go) Mar 7, 2023
Credited to oatovar

Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower (Low)
CVE-2023-23939 was published for Azure/setup-kubectl (GitHub Actions) Mar 7, 2023

OpenSearch has issue with fine-grained access control of indices backing data streams (Moderate)
CVE-2022-41918 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023

Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling (High)
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
Credited to joshbressers

SQL Injection in Funadmin (Critical)
CVE-2023-24775 was published for funadmin/funadmin (Composer) Mar 7, 2023

OpenSearch has time discrepancy in authentication responses (Moderate)
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023