Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,028 advisories

Loading
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Credited to JorXi
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
jviding
Credited to jviding
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb Moderate
CVE-2023-26483 was published for github.com/russellhaering/gosaml2 (Go) Mar 2, 2023
nszetei
Credited to nszetei
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
ajxchapman hydrosquall
Credited to ajxchapman and hydrosquall
Vega has Cross-site Scripting vulnerability in `lassoAppend` function Moderate
CVE-2023-26487 was published for vega (npm) Mar 2, 2023
azasypkin jkakavas
Credited to azasypkin and jkakavas
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions Low
CVE-2023-26052 was published for saleor (pip) Mar 2, 2023
xwiki-platform vulnerable to Remote Code Execution in Annotations Critical
CVE-2023-26475 was published for org.xwiki.platform:xwiki-platform-annotation-ui (Maven) Mar 2, 2023
renniepak
Credited to renniepak
Pimcore vulnerable to Cross Site Scripting in Email Blacklist Moderate
CVE-2023-1116 was published for pimcore/pimcore (Composer) Mar 1, 2023
0xy37 ahmedvienna
Credited to 0xy37 and ahmedvienna
Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config Moderate
CVE-2023-1117 was published for pimcore/pimcore (Composer) Mar 1, 2023
Pimcore vulnerable to Cross Site Scripting in Documents Link Editable Moderate
CVE-2023-1115 was published for pimcore/pimcore (Composer) Mar 1, 2023
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars High
CVE-2023-24533 was published for filippo.io/nistec (Go) Mar 1, 2023
Kubernetes vulnerable to path traversal Moderate
CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
Kubernetes vulnerable to validation bypass High
CVE-2022-3294 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
aruneko kurt-r2c
Credited to aruneko and kurt-r2c
Grafana vulnerable to Stored Cross-site Scripting in Text plugin Moderate
CVE-2023-22462 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Churro michaelkedar
Credited to Churro and michaelkedar
teler-waf contains detection rule bypass via Entities payload Moderate
CVE-2023-26047 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
Credited to aidilarf
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
Credited to aidilarf
Juju controller - Arbitrary file reading vulnerability Moderate
CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023
yhy0
Credited to yhy0
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0507 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0594 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Lemur subject to insecure random generation High
CVE-2023-30797 was published for lemur (pip) Mar 1, 2023
kjsman
Credited to kjsman
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
Ry0taK
Credited to Ry0taK
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
Keycloak vulnerable to Cross-site Scripting Moderate
CVE-2022-1438 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
MarkAckert
Credited to MarkAckert
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database