GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,653 advisories

Code execution in evershop Critical
CVE-2023-46498 was published for @evershop/evershop (npm) Dec 8, 2023
Cross-site Scripting in evershop Moderate
CVE-2023-46499 was published for @evershop/evershop (npm) Dec 8, 2023
Cross-site Scripting in evershop Moderate
CVE-2023-46495 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop Moderate
CVE-2023-46493 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop Moderate
CVE-2023-46497 was published for @evershop/evershop (npm) Dec 8, 2023
Cross Site Scripting in evershop Moderate
CVE-2023-46494 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop High
CVE-2023-46496 was published for @evershop/evershop (npm) Dec 8, 2023
dbt-core's secret env vars written to package-lock.json in plaintext Low
GHSA-j4g3-3q8x-jxqp was published for dbt-core (pip) Dec 8, 2023
Credited to jtcohen6, MichelleArk, and martynydbt
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49485 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49487 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Cross-site Scripting in JFinalCMS Moderate
CVE-2023-49486 was published for com.jfinal:jfinal (Maven) Dec 8, 2023
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
Credited to venkkatesh-sekar and chenyan-dfinity
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor High
GHSA-9j5w-2cqc-cwj9 was published for openmage/magento-lts (Composer) Dec 8, 2023
Credited to halitAKAYDIN
DockerSpawner allows any image by default Moderate
CVE-2023-48311 was published for dockerspawner (pip) Dec 8, 2023
mockjs vulnerable to Prototype Pollution via the Util.extend function High
CVE-2023-26158 was published for mockjs (npm) Dec 8, 2023
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
Microweber missing standardized error handling mechanism Low
CVE-2023-6599 was published for microweber/microweber (Composer) Dec 8, 2023
Directory Traversal in Gladys Assistant Moderate
CVE-2023-47440 was published for gladys (npm) Dec 7, 2023
Apache Struts vulnerable to path traversal Critical
CVE-2023-50164 was published for org.apache.struts:struts2-core (Maven) Dec 7, 2023
Credited to yoshizawa-masatoshi and henrikplate
Cross-site Scripting (XSS) in MLflow Moderate
CVE-2023-6568 was published for mlflow (pip) Dec 7, 2023
Microweber Business Logic Errors Moderate
CVE-2023-6566 was published for microweber/microweber (Composer) Dec 7, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations Low
GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) Dec 6, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor Moderate
CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) Dec 6, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
Mattermost Injection vulnerability High
CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023