Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,114
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,428
Pub
12
RubyGems
988
Rust
1,171
Swift
50
Unreviewed advisories
All unreviewed
5,000+

26,868 advisories

Loading
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability High
CVE-2023-36796 was published for Microsoft.NETCore.App.Runtime.win-arm64 (NuGet) Sep 12, 2023
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Moderate
CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Sep 12, 2023
Apache Airflow information exposure vulnerability High
CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ Credited to sunSUNQ
Cecil Cross-site Scripting vulnerability Moderate
CVE-2023-4913 was published for cecil/cecil (Composer) Sep 12, 2023
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Credited to delroth, Nachtalb, and pshelton-skype Nachtalb Nachtalb
pshelton-skype pshelton-skype
OpenRefine Remote Code execution in project import with mysql jdbc url attack Critical
CVE-2023-41887 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0 Credited to nbxiglk0
OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack High
CVE-2023-41886 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0 Credited to nbxiglk0
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis Credited to Skelmis
Drools Core Deserialization of Untrusted Data vulnerability Moderate
CVE-2022-1415 was published for org.drools:drools-core (Maven) Sep 11, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch Credited to theroch, fballiano, and colinmollenhour fballiano fballiano
colinmollenhour colinmollenhour
Inventory exposes reference to non-Sync data to an arbitrary thread Moderate
GHSA-36xm-35qq-795w was published for inventory (Rust) Sep 11, 2023
Users vulnerable to unaligned read of `*const *const c_char` pointer Moderate
GHSA-jcr6-4frq-9gjj was published for users (Rust) Sep 11, 2023
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime Moderate
GHSA-ghc8-5cgm-5rpf was published for inventory (Rust) Sep 11, 2023
Prevent injection of invalid entity ids for "autocomplete" fields Moderate
CVE-2023-41336 was published for symfony/ux-autocomplete (Composer) Sep 11, 2023
janklan Credited to janklan
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32186 was published for github.com/rancher/rke2 (Go) Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32187 was published for github.com/k3s-io/k3s (Go) Sep 11, 2023
Argo CD repo-server Denial of Service vulnerability Moderate
CVE-2023-40584 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
amit-laish Credited to amit-laish
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt Credited to alexmt
hutool Buffer Overflow vulnerability Critical
CVE-2023-42277 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
hutool Buffer Overflow vulnerability Critical
CVE-2023-42276 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
Cockpit CMS arbitrary file upload vulnerability Moderate
CVE-2023-41564 was published for cockpit-hq/cockpit (Composer) Sep 9, 2023
hutool Buffer Overflow vulnerability High
CVE-2023-42278 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
mattberry3 Credited to mattberry3
Jeecg boot SQL Injection vulnerability Critical
CVE-2023-42268 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database