GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub-reviewed advisories by ecosystem:
All reviewed: 5,000+; Composer: 4,133; Erlang: 29; GitHub Actions: 19; Go: 1,940; Maven: 5,000+; npm: 3,677; NuGet: 645; pip: 3,295; Pub: 11; RubyGems: 877; Rust: 830; Swift: 35
Unreviewed advisories (all unreviewed): 5,000+

635 advisories match the current filter (GitHub-reviewed, severity: Critical); the 25 most recently published are listed below.
Published | Severity | CVE | Package (ecosystem) | Advisory
Nov 12, 2023 | Critical | CVE-2023-47128 | piccolo (pip) | piccolo SQL Injection via named transaction savepoints
Nov 9, 2023 | Critical | CVE-2023-47248 | pyarrow (pip) | PyArrow: Arbitrary code execution when loading a malicious data file
Oct 25, 2023 | Critical | CVE-2023-45137 | org.xwiki.platform:xwiki-platform-web (Maven) | XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Oct 25, 2023 | Critical | CVE-2023-45136 | org.xwiki.platform:xwiki-platform-web-templates (Maven) | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Oct 25, 2023 | Critical | CVE-2023-45135 | org.xwiki.platform:xwiki-platform-web (Maven) | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Oct 25, 2023 | Critical | CVE-2023-45134 | org.xwiki.platform:xwiki-platform-web (Maven) | XWiki Platform XSS vulnerability from account in the create page form via template provider
Oct 25, 2023 | Critical | CVE-2023-37908 | org.xwiki.rendering:xwiki-rendering-xml (Maven) | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Oct 17, 2023 | Critical | CVE-2023-45128 | github.com/gofiber/fiber/v2 (Go) | CSRF Token Reuse Vulnerability
Oct 16, 2023 | Critical | CVE-2023-43661 | cachethq/cachet (Composer) | Cachet vulnerable to Authenticated Remote Code Execution
Oct 16, 2023 | Critical | CVE-2023-45133 | @babel/traverse (npm) | Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Oct 6, 2023 | Critical | CVE-2023-32188 | github.com/neuvector/neuvector (Go) | JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Oct 6, 2023 | Critical | CVE-2023-26153 | geokit-rails (RubyGems) | geokit-rails Command Injection vulnerability
Sep 19, 2023 | Critical | CVE-2022-24816 | it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) | Improper Control of Generation of Code ('Code Injection') in jai-ext
Sep 12, 2023 | Critical | CVE-2023-41887 | org.openrefine:database (Maven) | OpenRefine Remote Code execution in project import with mysql jdbc url attack
Aug 30, 2023 | Critical | CVE-2023-40582 | find-exec (npm) | Command Injection Vulnerability in find-exec
Aug 29, 2023 | Critical | CVE-2023-40889 | zbar (pip) | Heap-based buffer overflow in ZBar
Aug 14, 2023 | Critical | CVE-2023-40013 | external-svg-loader (npm) | external-svg-loader Cross-site Scripting vulnerability
Aug 11, 2023 | Critical | CVE-2023-40267 | GitPython (pip) | GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Aug 4, 2023 | Critical | CVE-2023-29689 | pyrocms/pyrocms (Composer) | PyroCMS remote code execution vulnerability
Aug 3, 2023 | Critical | CVE-2023-36480 | com.aerospike:aerospike-client (Maven) | Aerospike Java Client vulnerable to unsafe deserialization of server responses
Jul 6, 2023 | Critical | CVE-2022-46365 | org.apache.streampark:streampark (Maven) | Apache StreamPark Improper Input Validation vulnerability
Jun 28, 2023 | Critical | CVE-2023-26134 | git-commit-info (npm) | git-commit-info vulnerable to Command Injection
Jun 21, 2023 | Critical | CVE-2023-35169 | webklex/laravel-imap (Composer) | php-imap vulnerable to RCE through a directory traversal vulnerability
Jun 16, 2023 | Critical | CVE-2023-34251 | getgrav/grav (Composer) | Grav Server Side Template Injection (SSTI) vulnerability
Jun 6, 2023 | Critical | CVE-2023-33965 | github.com/txthinking/brook (Go) | Brook's tproxy server is vulnerable to a drive-by command injection
Advisories are also available from the GitHub GraphQL API.