Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,618
Maven
5,000+
npm
4,255
NuGet
760
pip
4,042
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,517 advisories

Loading
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
skeemas Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25074 was published for skeemas (npm) Jan 11, 2023
Duplicate Advisory: PapaParse Inefficient Regular Expression Complexity vulnerability High
GHSA-798h-g4j5-5537 was published for papaparse (npm) Jan 11, 2023 withdrawn
Duplicate of GHSA-4xh4-v2pq-jvhm Low
GHSA-9f2c-xxfm-32mj was published for personnummer (Pub) Jan 11, 2023 withdrawn
Reflected XSS in Gotify's /docs via import of outdated Swagger UI Moderate
GHSA-3244-8mff-w398 was published for github.com/gotify/server (Go) Jan 10, 2023
40826d
Credited to 40826d
.NET Denial of Service Vulnerability High
CVE-2023-21538 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jan 10, 2023
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted Low
CVE-2023-22489 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Credited to clarkwinkelmann
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Credited to clarkwinkelmann
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
clarkwinkelmann
Credited to clarkwinkelmann
convict vulnerable to Prototype Pollution High
CVE-2023-0163 was published for convict (npm) Jan 10, 2023
Captain-K-101
Credited to Captain-K-101
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
Ecto lacks a protection mechanism Critical
CVE-2017-20166 was published for ecto (Erlang) Jan 10, 2023
phoenix_html allows Cross-site Scripting in HEEx class attributes Moderate
CVE-2021-46871 was published for phoenix_html (Erlang) Jan 10, 2023
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow High
CVE-2023-22895 was published for bzip2 (Rust) Jan 10, 2023
tdunlap607
Credited to tdunlap607
Zip4j Origin Validation Error Moderate
CVE-2023-22899 was published for net.lingala.zip4j:zip4j (Maven) Jan 10, 2023
0xSSA
Credited to 0xSSA
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses Moderate
GHSA-7m9r-rq9j-wmmh was published for pocketmine/pocketmine-mp (Composer) Jan 10, 2023
AkmalFairuz
Credited to AkmalFairuz
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
Credited to suanve
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
KubePi may allow unauthorized access to system API High
CVE-2023-22478 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
suanve
Credited to suanve
mercurius has Uncaught Exception when using subscriptions Moderate
CVE-2023-22477 was published for mercurius (npm) Jan 9, 2023
marcolanaro
Credited to marcolanaro
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash High
GHSA-wqqv-jcfr-9f5g was published for pocketmine/pocketmine-mp (Composer) Jan 9, 2023
@okta/oidc-middlewareOpen Redirect vulnerability Moderate
CVE-2022-3145 was published for @okta/oidc-middleware (npm) Jan 9, 2023
jviding
Credited to jviding
Apiman Manager API affected by Jackson denial of service vulnerability Moderate
GHSA-q95j-488q-5q3p was published for io.apiman:apiman-manager-api-impl (Maven) Jan 9, 2023
Gitops Run insecure communication High
CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
Credited to pjbgf
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database