GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,653 advisories

memory overflow vulnerability in OpenEXR-viewer (Critical)
CVE-2023-50245 was published for afichet/openexr-viewer (GitHub Actions) on Dec 12, 2023. Credited to GAP-dev.

Jinja2 template injection in mlflow (High)
CVE-2023-6709 was published for mlflow (pip) on Dec 12, 2023.

Duplicate Advisory: Privilege escalation in sap-xssec (Critical)
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) on Dec 12, 2023 (withdrawn).

Escalation of privileges in @sap/xssec (Critical)
CVE-2023-49583 was published for @sap/xssec (npm) on Dec 12, 2023. Credited to leon-vg.

Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go (Critical)
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) on Dec 12, 2023 (withdrawn).

Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library (Critical)
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) on Dec 12, 2023 (withdrawn).

Password Change Vulnerability (Moderate)
CVE-2023-49804 was published for uptime-kuma (npm) on Dec 12, 2023. Credited to manoonabbasi.

lakeFS logs S3 credentials in plain text (High)
GHSA-4rgc-5g6r-2rjf was published for github.com/treeverse/lakefs (Go) on Dec 12, 2023.

User with permission to write actions can impersonate another user when auth token is configured in environment variable (Moderate)
GHSA-26hr-q2wp-rvc5 was published for github.com/treeverse/lakefs (Go) on Dec 12, 2023. Credited to nopcoder and arielshaqed.

SSRF & Credentials Leak (High)
CVE-2023-49799 was published for nuxt-api-party (npm) on Dec 12, 2023. Credited to OhB00.

OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 (Moderate)
CVE-2023-49798 was published for @openzeppelin/contracts (npm) on Dec 12, 2023.

Improper Input Validation in mindsdb (Moderate)
CVE-2023-49796 was published for mindsdb (pip) on Dec 12, 2023. Credited to sylwia-budzynska.

Server-Side Request Forgery in mindsdb (Moderate)
CVE-2023-49795 was published for mindsdb (pip) on Dec 12, 2023. Credited to sylwia-budzynska.

Always incorrect control flow in github.com/mojocn/base64Captcha (Moderate)
CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) on Dec 12, 2023.

Stale copy of the public suffix list (Low)
GHSA-w4x6-hh3x-wjrx was published for Gsemac.Net (NuGet) on Dec 11, 2023.

Overly permissive origin policy (High)
CVE-2023-49803 was published for @koa/cors (npm) on Dec 11, 2023. Credited to PawelJ-PL.

DOS by abusing `fetchOptions.retry`. (High)
CVE-2023-49800 was published for nuxt-api-party (npm) on Dec 11, 2023. Credited to OhB00.

Header spoofing in caddy-geo-ip (Moderate)
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) on Dec 11, 2023.

Cross-site Scripting in Semantic MediaWiki (Moderate)
CVE-2022-48614 was published for mediawiki/semantic-media-wiki (Composer) on Dec 10, 2023.

Directory Traversal in JFinalCMS (High)
CVE-2023-50449 was published for com.jfinal:jfinal (Maven) on Dec 10, 2023.

PHPEMS Deserialization of Untrusted Data vulnerability (Moderate)
CVE-2023-6654 was published for phpems/phpems (Composer) on Dec 10, 2023.

Authorization bypass in Quarkus (High)
CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) on Dec 9, 2023. Credited to cescoffier.

Local Privilege Escalation in Windows (High)
CVE-2023-49797 was published for pyinstaller (pip) on Dec 9, 2023.

Memory exhaustion in HashiCorp Vault (High)
CVE-2023-6337 was published for github.com/hashicorp/vault (Go) on Dec 9, 2023.

eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations (Low)
GHSA-99jv-8292-2hpm was published for knative.dev/eventing-gitlab (Go) on Dec 8, 2023.