GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,868 advisories

LibreNMS Cross-site Scripting vulnerability Moderate
CVE-2023-4981 was published for librenms/librenms (Composer) Sep 15, 2023
LibreNMS Cross-site Scripting vulnerability Moderate
CVE-2023-4979 was published for librenms/librenms (Composer) Sep 15, 2023
LibreNMS Code Injection vulnerability Moderate
CVE-2023-4977 was published for librenms/librenms (Composer) Sep 15, 2023
HashiCorp Vault Improper Input Validation vulnerability Moderate
CVE-2023-4680 was published for github.com/hashicorp/vault (Go) Sep 15, 2023
Froala Editor Cross-site Scripting vulnerability Moderate
CVE-2023-41592 was published for froala-editor (Composer) Sep 15, 2023
Credited to eoftedal and cdupuis
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 Low
CVE-2023-41880 was published for wasmtime (Rust) Sep 14, 2023
Credited to afonso360
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again) High
GHSA-92jh-gwch-jq38 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
Credited to alvin0319, dktapps, and SvenRtbg
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey High
GHSA-79rc-jjh6-rc89 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
Credited to dktapps
Jetty accepts "+" prefixed value in Content-Length Moderate
CVE-2023-40167 was published for org.eclipse.jetty:jetty-http (Maven) Sep 14, 2023
Credited to mukeran and chenjj
Jetty vulnerable to errant command quoting in CGI Servlet Low
CVE-2023-36479 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Sep 14, 2023
Credited to bismuthsalamander, kaoudis, and joakime
Undertow denial of service vulnerability High
CVE-2023-1108 was published for io.undertow:undertow-core (Maven) Sep 14, 2023
Credited to marcospds and bvahdat
Apache Commons Compress denial of service vulnerability Moderate
CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) Sep 14, 2023
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
Credited to oscerd
sidekiq Denial of Service vulnerability Moderate
CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023
Credited to wwahammy, kflavin, and martingregoire
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms) High
CVE-2023-4785 was published for grpc (RubyGems) Sep 13, 2023
Credited to hahwul
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Credited to Boegie19, derrickmehaffy, and alexandrebodin
Strapi may leak sensitive user information, user reset password, tokens via content-manager views Moderate
CVE-2023-36472 was published for @strapi/admin (npm) Sep 13, 2023
Credited to Boegie19, derrickmehaffy, and alexandrebodin
Craft CMS Remote Code Execution vulnerability Critical
CVE-2023-41892 was published for craftcms/cms (Composer) Sep 13, 2023
Credited to zonia3000
BER/CER/DER decoder panics on invalid input High
CVE-2023-39914 was published for bcder (Rust) Sep 13, 2023
NLnet Labs’ Routinator vulnerable to path traversal Critical
CVE-2023-39916 was published for routinator (Rust) Sep 13, 2023
Keycloak vulnerable to Plaintext Storage of User Password High
CVE-2023-4918 was published for org.keycloak:keycloak-core (Maven) Sep 12, 2023
Credited to dasniko and lme-atolcd
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability High
CVE-2023-36792 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability High
CVE-2023-36794 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability High
CVE-2023-36793 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
ProTip! Advisories are also available from the GraphQL API