GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12,419 advisories

mx-chain-go does not treat invalid transaction with wrong username correctly (Severity: High)
CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023
Vulnerable OpenSSL included in cryptography wheels (Severity: Low)
GHSA-5cpq-8wj7-hf2v was published for cryptography (pip) Jun 2, 2023
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt (Severity: Low)
GHSA-qfc5-6r3j-jj22 was published for github.com/cosmos/cosmos-sdk (Go) Jun 2, 2023
DataEase API interface has IDOR vulnerability (Severity: High)
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
lujiefsi
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket' (Severity: Moderate)
GHSA-42qm-8v8m-m78c was published for pocketmine/pocketmine-mp (Composer) Jun 1, 2023
dktapps
Missing "--allow-net" permission check for built-in Node modules (Severity: High)
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
Phishing attack vulnerability by uploading malicious HTML file (Severity: Moderate)
CVE-2023-32689 was published for parse-server (npm) May 31, 2023
dblythy mtrezza
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file (Severity: Low)
CVE-2023-32684 was published for github.com/lima-vm/lima (Go) May 31, 2023
nilsteampassnet/teampass vulnerable to cross-site scripting (Severity: High)
CVE-2023-3009 was published for nilsteampassnet/teampass (Composer) May 31, 2023
thorsten/phpmyfaq vulnerable to cross-site scripting (Severity: Moderate)
CVE-2023-2998 was published for thorsten/phpmyfaq (Composer) May 31, 2023
Kyverno vulnerable due to usage of insecure cipher (Severity: Moderate)
GHSA-hgv6-w7r3-w4qw was published for github.com/kyverno/kyverno (Go) May 30, 2023
abhilashbs1981
sccache vulnerable to privilege escalation if server is run as root (Severity: Moderate)
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
kevinbackhouse
go package pydio cells vulnerable to cross-site scripting (Severity: Low)
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
Go package pydio/cells vulnerable to authorization bypass (Severity: Moderate)
CVE-2023-2978 was published for github.com/pydio/cells (Go) May 30, 2023
antfu/utils vulnerable to prototype pollution (Severity: Moderate)
CVE-2023-2972 was published for @antfu/utils (npm) May 30, 2023
Dolibarr vulnerable to remote code execution via uppercase manipulation (Severity: Moderate)
CVE-2023-30253 was published for dolibarr/dolibarr (Composer) May 29, 2023
bwm-ng vulnerable to command injection (Severity: High)
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization (Severity: High)
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests (Severity: Critical)
CVE-2023-33189 was published for github.com/pomerium/pomerium (Go) May 26, 2023
nonsleepr
malformed proposed intoto entries can cause a panic (Severity: Moderate)
CVE-2023-33199 was published for github.com/sigstore/rekor (Go) May 26, 2023
Stored cross site scripting in Craft CMS (Severity: Moderate)
CVE-2023-2817 was published for craftcms/cms (Composer) May 26, 2023
Privilege escalation in XXL-Job (Severity: Moderate)
CVE-2023-33779 was published for com.xuxueli:xxl-job (Maven) May 26, 2023
Keycloak vulnerable to untrusted certificate validation (Severity: Low)
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) May 26, 2023
Spring Boot Welcome Page Denial of Service (Severity: Low)
CVE-2023-20883 was published for org.springframework.boot:spring-boot-autoconfigure (Maven) May 26, 2023
ProTip! Advisories are also available from the GraphQL API