Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

635 advisories

Loading
piccolo SQL Injection via named transaction savepoints Critical
CVE-2023-47128 was published for piccolo (pip) Nov 12, 2023
Skelmis
PyArrow: Arbitrary code execution when loading a malicious data file Critical
CVE-2023-47248 was published for pyarrow (pip) Nov 9, 2023
pitrou r3kumar
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
CSRF Token Reuse Vulnerability Critical
CVE-2023-45128 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
rere61 sixcolors
the-hotmann gaby efectn ReneWerner87
Cachet vulnerable to Authenticated Remote Code Execution Critical
CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
rive-n
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
SteakEnthusiast ashdude1401
nicolo-ribaudo Apetree100122 ebickle
JWT token compromise can allow malicious actions including Remote Code Execution (RCE) Critical
CVE-2023-32188 was published for github.com/neuvector/neuvector (Go) Oct 6, 2023
holyspectral
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
Improper Control of Generation of Code ('Code Injection') in jai-ext Critical
CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) Sep 19, 2023
sikeoka
OpenRefine Remote Code execution in project import with mysql jdbc url attack Critical
CVE-2023-41887 was published for org.openrefine:database (Maven) Sep 12, 2023
nbxiglk0
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
Heap-based buffer overflow in ZBar Critical
CVE-2023-40889 was published for zbar (pip) Aug 29, 2023
external-svg-loader Cross-site Scripting vulnerability Critical
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
r00tdaemon
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments Critical
CVE-2023-40267 was published for GitPython (pip) Aug 11, 2023
PyroCMS remote code execution vulnerability Critical
CVE-2023-29689 was published for pyrocms/pyrocms (Composer) Aug 4, 2023
Aerospike Java Client vulnerable to unsafe deserialization of server responses Critical
CVE-2023-36480 was published for com.aerospike:aerospike-client (Maven) Aug 3, 2023
Apache StreamPark Improper Input Validation vulnerability Critical
CVE-2022-46365 was published for org.apache.streampark:streampark (Maven) Jul 6, 2023
git-commit-info vulnerable to Command Injection Critical
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability Critical
CVE-2023-35169 was published for webklex/laravel-imap (Composer) Jun 21, 2023
angelej
Grav Server Side Template Injection (SSTI) vulnerability Critical
CVE-2023-34251 was published for getgrav/grav (Composer) Jun 16, 2023
scgajge12
Brook's tproxy server is vulnerable to a drive-by command injection. Critical
CVE-2023-33965 was published for github.com/txthinking/brook (Go) Jun 6, 2023
pwntester
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database