GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,250 advisories

Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability High
CVE-2023-39913 was published for org.apache.uima:uimaj (Maven) Nov 8, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-4061 was published for org.wildfly.core:wildfly-controller (Maven) Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency Low
GHSA-j57r-4qw6-58r3 was published for rusty-paseto (Rust) Nov 7, 2023
Credited to techport-om and rrrodzilla
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action High
CVE-2023-46243 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name Moderate
CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) Nov 7, 2023
Credited to mtheeren-asml and prometherion
Mattermost vulnerable to excessive memory consumption Moderate
CVE-2023-5969 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
Credited to MarkLee131
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023
Credited to MarkLee131
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
Mattermost denial of service vulnerability Moderate
CVE-2023-5967 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
Magnesium-PHP Injection vulnerability Low
CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
Ibexa ezplatform-kernel download route allows filename change Low
GHSA-gv2c-5g79-h73c was published for ezsystems/ezplatform-kernel (Composer) Nov 3, 2023
Ibexa DXP Download route allows filename change Low
GHSA-g95c-xc83-8353 was published for ibexa/core (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
Prototype Pollution(PP) vulnerability in setByPath High
CVE-2023-45827 was published for @clickbar/dot-diver (npm) Nov 3, 2023
Credited to d3ng03 and GAP-dev
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
Credited to dogusdeniz, innerdvations, derrickmehaffy, and christiancp100
Download route allows filename change in eZpublish kernel Low
GHSA-946c-f9w6-2c25 was published for ezsystems/ezpublish-kernel (Composer) Nov 3, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation High
CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) Nov 3, 2023
Subrion remote command execution vulnerability High
CVE-2023-46947 was published for intelliants/subrion (Composer) Nov 3, 2023
Eclipse Glassfish remote code execution issue Moderate
CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) Nov 3, 2023
Eclipse Parsson Denial of Service vulnerability Moderate
CVE-2023-4043 was published for org.eclipse.parsson:project (Maven) Nov 3, 2023
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Pillow Denial of Service vulnerability High
CVE-2023-44271 was published for pillow (pip) Nov 3, 2023