
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,487 advisories

.NET Denial of Service Vulnerability High
CVE-2023-21538 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 10, 2023
Credited to clarkwinkelmann
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
Credited to clarkwinkelmann
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
Credited to clarkwinkelmann
convict vulnerable to Prototype Pollution High
CVE-2023-0163 was published for convict (npm) Jan 10, 2023
Credited to Captain-K-101
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
Ecto lacks a protection mechanism Critical
CVE-2017-20166 was published for ecto (Erlang) Jan 10, 2023
phoenix_html allows Cross-site Scripting in HEEx class attributes Moderate
CVE-2021-46871 was published for phoenix_html (Erlang) Jan 10, 2023
Credited to tdunlap607
Zip4j Origin Validation Error Moderate
CVE-2023-22899 was published for net.lingala.zip4j:zip4j (Maven) Jan 10, 2023
Credited to 0xSSA
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses Moderate
GHSA-7m9r-rq9j-wmmh was published for pocketmine/pocketmine-mp (Composer) Jan 10, 2023
Credited to AkmalFairuz
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
Credited to suanve
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
KubePi may allow unauthorized access to system API High
CVE-2023-22478 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
Credited to suanve
mercurius has Uncaught Exception when using subscriptions Moderate
CVE-2023-22477 was published for mercurius (npm) Jan 9, 2023
Credited to marcolanaro
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash High
GHSA-wqqv-jcfr-9f5g was published for pocketmine/pocketmine-mp (Composer) Jan 9, 2023
@okta/oidc-middleware Open Redirect vulnerability Moderate
CVE-2022-3145 was published for @okta/oidc-middleware (npm) Jan 9, 2023
Credited to jviding
Apiman Manager API affected by Jackson denial of service vulnerability Moderate
GHSA-q95j-488q-5q3p was published for io.apiman:apiman-manager-api-impl (Maven) Jan 9, 2023
Gitops Run insecure communication High
CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
Credited to pjbgf
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
Credited to pjbgf
Luxon Inefficient Regular Expression Complexity vulnerability High
CVE-2023-22467 was published for luxon (npm) Jan 9, 2023
Credited to skrtheboss, remi-san, makkes, canderson-activatecare, rpastro, and cmp831
debug Inefficient Regular Expression Complexity vulnerability High
CVE-2017-20165 was published for debug (npm) Jan 9, 2023
Credited to HvB
Apache Sling App CMS vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-46769 was published for org.apache.sling:org.apache.sling.cms (Maven) Jan 9, 2023
Information Cards Module vulnerable to Cross-site Scripting Moderate
CVE-2010-10004 was published for simplesamlphp/simplesamlphp-module-infocard (Composer) Jan 9, 2023