Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,028 advisories

Loading
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
Credited to Toflar and soyuka
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
vantage6 vulnerable to Improper Preservation of Permissions High
CVE-2023-22738 was published for vantage6 (pip) Feb 28, 2023
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
partial_sort contains Out-of-bounds Read in release mode Moderate
GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) Feb 28, 2023
Ascii (crate) allows out-of-bounds array indexing in safe code Moderate
GHSA-mrrw-grhq-86gf was published for ascii (Rust) Feb 28, 2023
Gogs OS Command Injection vulnerability Critical
CVE-2022-2024 was published for gogs.io/gogs (Go) Feb 28, 2023
cokeBeer
Credited to cokeBeer
mde utilities contains Prototype Pollution High
CVE-2023-26105 was published for utilities (npm) Feb 28, 2023
phanect
Credited to phanect
Microweber Cross-site Scripting vulnerability Moderate
CVE-2023-1081 was published for microweber/microweber (Composer) Feb 28, 2023
laravel-admin has Arbitrary File Upload vulnerability High
CVE-2023-24249 was published for encore/laravel-admin (Composer) Feb 27, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
Pimcore vulnerable to Cross-site Scripting Moderate
CVE-2023-1067 was published for pimcore/pimcore (Composer) Feb 27, 2023
frp_form_answers allows Cross-site Scripting Moderate
CVE-2023-26091 was published for frappant/frp-form-answers (Composer) Feb 26, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service High
GHSA-xr9w-x6gw-c9mj was published for deno (Rust) Feb 25, 2023 withdrawn
Denial of Service vulnerability in lite-web-server High
CVE-2023-26104 was published for lite-web-server (npm) Feb 25, 2023
lirantal
Credited to lirantal
Froxlor Cross-Site Request Forgery vulnerability High
CVE-2023-1033 was published for froxlor/froxlor (Composer) Feb 25, 2023
ecdh vulnerable to Exposure of Resource to Wrong Sphere High
CVE-2022-44310 was published for ecdh (npm) Feb 24, 2023
Sequelize - Default support for “raw attributes” when using parentheses Critical
CVE-2023-22578 was published for @sequelize/core (npm) Feb 24, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers
Credited to joshbressers
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
GHSA-9vx8-f5c4-862x was published for org.neo4j.procedure:apoc (Maven) Feb 24, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
LiteDB may deserialize bad JSON on object type using _type Critical
CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023
Apache Airflow Sqoop Provider Improper Input Validation vulnerability Critical
CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information High
CVE-2023-25956 was published for apache-airflow-providers-amazon (pip) Feb 24, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability Critical
CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database