
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,440 advisories

Path Traversal in Apache Shiro (Critical)
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) on Jul 24, 2023
Duplicate Advisory: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection (High, withdrawn)
GHSA-9gjg-834p-5gvv was published for keylime (pip) on Jul 24, 2023
Indico vulnerable to Cross-Site-Scripting via confirmation prompts (Moderate)
CVE-2023-37901 was published for indico (pip) on Jul 21, 2023
Credited to ThiefMaster
copyparty vulnerable to reflected cross-site scripting via hc parameter (Moderate)
GHSA-cw7j-v52w-fp5r was published for copyparty (pip) on Jul 21, 2023
Credited to TheHackyDog
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor (High)
CVE-2023-3819 was published for pimcore/pimcore (Composer) on Jul 21, 2023
Credited to dkarlovi
Pimcore vulnerable to SQL Injection in Dataobjects sorting (High)
CVE-2023-3820 was published for pimcore/pimcore (Composer) on Jul 21, 2023
Credited to hiu240900
KubePi may leak password hash of any user (Moderate)
CVE-2023-37916 was published for github.com/KubeOperator/kubepi (Go) on Jul 21, 2023
Credited to ch1nhpd
KubePi Privilege Escalation vulnerability (Critical)
CVE-2023-37917 was published for github.com/KubeOperator/kubepi (Go) on Jul 21, 2023
Credited to ch1nhpd
Dapr API token authentication bypass in HTTP endpoints (Moderate)
CVE-2023-37918 was published for github.com/dapr/dapr (Go) on Jul 21, 2023
Credited to ItalyPaleAle
Pimcore Cross-site Scripting vulnerability (Moderate)
CVE-2023-3822 was published for pimcore/pimcore (Composer) on Jul 21, 2023
Pimcore Cross-site Scripting vulnerability (Moderate)
CVE-2023-3821 was published for pimcore/pimcore (Composer) on Jul 21, 2023
RuoYi vulnerable to Cross-site Scripting (Low)
CVE-2023-3815 was published for com.ruoyi:ruoyi (Maven) on Jul 21, 2023
Cockpit CMS vulnerable to incorrect access control (High)
CVE-2023-37649 was published for cockpit-hq/cockpit (Composer) on Jul 20, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability (High)
CVE-2023-37650 was published for cockpit-hq/cockpit (Composer) on Jul 20, 2023
Alkacon OpenCMS arbitrary file upload vulnerability (Moderate)
CVE-2023-37602 was published for org.opencms:opencms-core (Maven) on Jul 20, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process (Critical)
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) on Jul 20, 2023
Credited to atorralba and sylwia-budzynska
Feathers socket handler allows abusing implicit toString (High)
CVE-2023-37899 was published for @feathersjs/socketio (npm) on Jul 20, 2023
Credited to CodeanIO
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser (Moderate)
CVE-2023-37276 was published for aiohttp (pip) on Jul 20, 2023
Credited to sethmlarson
Nomad Search API Leaks Information About CSI Plugins (Moderate)
CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) on Jul 20, 2023
Credited to anonymous4ACL24
Nomad ACL Policies without Label are Applied to Unexpected Resources (Moderate)
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) on Jul 20, 2023
Credited to anonymous4ACL24
Nomad Caller ACL Token's Secret ID is Exposed to Sentinel (Low)
CVE-2023-3299 was published for github.com/hashicorp/nomad (Go) on Jul 20, 2023
Credited to anonymous4ACL24
grav Server-side Template Injection (SSTI) mitigation bypass (High)
CVE-2023-37897 was published for getgrav/grav (Composer) on Jul 19, 2023
Credited to s4ex and Malayke
impl `FromMdbValue` for bool is unsound (Moderate)
GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) on Jul 19, 2023
Hazelcast Executor Services don't check client permissions properly (High)
CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven) on Jul 19, 2023
keylime fails to flag device as untrusted when signature does not validate (Moderate)
CVE-2023-3674 was published for keylime (pip) on Jul 19, 2023