GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,938 advisories

Reportlab vulnerable to remote code execution High
CVE-2023-33733 was published for reportlab (pip) Jun 5, 2023
Credited to m3t3kh4n
Admidio vulnerable to Cross-site Scripting Moderate
CVE-2023-3109 was published for admidio/admidio (Composer) Jun 5, 2023
Kyverno resource with a deletionTimestamp may allow policy circumvention Moderate
CVE-2023-34091 was published for github.com/kyverno/kyverno (Go) Jun 5, 2023
Credited to bburky
Gitpod vulnerable to Cross-site Scripting Moderate
CVE-2023-32766 was published for github.com/gitpod-io/gitpod (Go) Jun 5, 2023
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
Credited to 00xc
TeamPass vulnerable to Improper Access Control Moderate
CVE-2023-3095 was published for nilsteampassnet/teampass (Composer) Jun 4, 2023
TeamPass vulnerable to stored Cross-site Scripting Critical
CVE-2023-3086 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3084 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3083 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances High
CVE-2023-2816 was published for github.com/hashicorp/consul (Go) Jun 3, 2023
Hashicorp Consul vulnerable to denial of service Moderate
CVE-2023-1297 was published for github.com/hashicorp/consul (Go) Jun 3, 2023
mx-chain-go does not treat invalid transaction with wrong username correctly High
CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-5cpq-8wj7-hf2v was published for cryptography (pip) Jun 2, 2023
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt Low
GHSA-qfc5-6r3j-jj22 was published for github.com/cosmos/cosmos-sdk (Go) Jun 2, 2023
DataEase API interface has IDOR vulnerability High
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
Credited to lujiefsi
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket' Moderate
GHSA-42qm-8v8m-m78c was published for pocketmine/pocketmine-mp (Composer) Jun 1, 2023
Credited to dktapps
hawtio vulnerable to Path Traversal Moderate
CVE-2023-33544 was published for io.hawt:project (Maven) Jun 1, 2023
janino vulnerable to denial of service due to stack overflow Moderate
CVE-2023-33546 was published for org.codehaus.janino:janino-parent (Maven) Jun 1, 2023
Duplicate Advisory: Starlette vulnerable to directory traversal High
GHSA-qj8w-rv5x-2v9h was published for starlette (pip) Jun 1, 2023 withdrawn
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
Credited to sylc
Phishing attack vulnerability by uploading malicious HTML file Moderate
CVE-2023-32689 was published for parse-server (npm) May 31, 2023
Credited to dblythy and mtrezza
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file Low
CVE-2023-32684 was published for github.com/lima-vm/lima (Go) May 31, 2023
nilsteampassnet/teampass vulnerable to cross-site scripting Moderate
CVE-2023-3009 was published for nilsteampassnet/teampass (Composer) May 31, 2023
Dcat-Admin vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-33736 was published for dcat/laravel-admin (Composer) May 31, 2023
Algernon engine and themes vulnerable to Cross-site Scripting Moderate
CVE-2023-26131 was published for github.com/xyproto/algernon (Go) May 31, 2023