GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Note: Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem:
  Composer: 1,586
  Erlang: 20
  GitHub Actions: 10
  Go: 1,039
  Maven: 3,552
  npm: 2,998
  NuGet: 283
  pip: 1,733
  Pub: 5
  RubyGems: 682
  Rust: 615

Unreviewed advisories (all unreviewed: 5,000+)

12,419 advisories
mx-chain-go does not treat invalid transaction with wrong username correctly (High, CVE-2023-33964) was published for github.com/multiversx/mx-chain-go (Go) on Jun 2, 2023

Vulnerable OpenSSL included in cryptography wheels (Low, GHSA-5cpq-8wj7-hf2v) was published for cryptography (pip) on Jun 2, 2023

Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt (Low, GHSA-qfc5-6r3j-jj22) was published for github.com/cosmos/cosmos-sdk (Go) on Jun 2, 2023

DataEase API interface has IDOR vulnerability (High, CVE-2023-32310) was published for io.dataease:dataease-plugin-common (Maven) on Jun 2, 2023

PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket' (Moderate, GHSA-42qm-8v8m-m78c) was published for pocketmine/pocketmine-mp (Composer) on Jun 1, 2023

Missing "--allow-net" permission check for built-in Node modules (High, CVE-2023-33966) was published for deno (Rust) on May 31, 2023

Phishing attack vulnerability by uploading malicious HTML file (Moderate, CVE-2023-32689) was published for parse-server (npm) on May 31, 2023

In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file (Low, CVE-2023-32684) was published for github.com/lima-vm/lima (Go) on May 31, 2023

nilsteampassnet/teampass vulnerable to cross-site scripting (High, CVE-2023-3009) was published for nilsteampassnet/teampass (Composer) on May 31, 2023

thorsten/phpmyfaq vulnerable to cross-site scripting (Moderate, CVE-2023-2998) was published for thorsten/phpmyfaq (Composer) on May 31, 2023

Kyverno vulnerable due to usage of insecure cipher (Moderate, GHSA-hgv6-w7r3-w4qw) was published for github.com/kyverno/kyverno (Go) on May 30, 2023

sccache vulnerable to privilege escalation if server is run as root (Moderate, CVE-2023-1521) was published for sccache (Rust) on May 30, 2023

Go package pydio/cells vulnerable to cross-site scripting (Low, CVE-2023-2981) was published for github.com/pydio/cells (Go) on May 30, 2023

Go package pydio/cells vulnerable to authorization bypass (Moderate, CVE-2023-2978) was published for github.com/pydio/cells (Go) on May 30, 2023

antfu/utils vulnerable to prototype pollution (Moderate, CVE-2023-2972) was published for @antfu/utils (npm) on May 30, 2023

Dolibarr vulnerable to remote code execution via uppercase manipulation (Moderate, CVE-2023-30253) was published for dolibarr/dolibarr (Composer) on May 29, 2023

bwm-ng vulnerable to command injection (High, CVE-2023-26129) was published for bwm-ng (npm) on May 27, 2023

keep-module-latest vulnerable to Command Injection due to missing input sanitization (High, CVE-2023-26128) was published for keep-module-latest (npm) on May 27, 2023

n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function (High, CVE-2023-26127) was published for n158 (npm) on May 27, 2023

Pomerium vulnerable to Incorrect Authorization with specially crafted requests (Critical, CVE-2023-33189) was published for github.com/pomerium/pomerium (Go) on May 26, 2023

Malformed proposed intoto entries can cause a panic (Moderate, CVE-2023-33199) was published for github.com/sigstore/rekor (Go) on May 26, 2023

Stored cross-site scripting in Craft CMS (Moderate, CVE-2023-2817) was published for craftcms/cms (Composer) on May 26, 2023

Privilege escalation in XXL-Job (Moderate, CVE-2023-33779) was published for com.xuxueli:xxl-job (Maven) on May 26, 2023

Keycloak vulnerable to untrusted certificate validation (Low, CVE-2023-1664) was published for org.keycloak:keycloak-core (Maven) on May 26, 2023

Spring Boot Welcome Page Denial of Service (Low, CVE-2023-20883) was published for org.springframework.boot:spring-boot-autoconfigure (Maven) on May 26, 2023
Advisories are also available from the GraphQL API.