Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,043
Maven
5,000+
npm
4,781
NuGet
825
pip
4,382
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

26,440 advisories

Loading
Exposure of system-scoped credentials in Jenkins Dimensions Plugin Moderate
CVE-2023-32262 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin Low
CVE-2023-32263 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs Moderate
CVE-2023-32261 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
Pygments vulnerable to ReDoS Moderate
CVE-2022-40896 was published for Pygments (pip) Jul 19, 2023
Access Control Bypass in Spring Security Critical
CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven) Jul 19, 2023
bbossola Credited to bbossola and furti furti furti
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability High
CVE-2023-28754 was published for org.apache.shardingsphere:shardingsphere (Maven) Jul 19, 2023
MLflow Path Traversal vulnerability Critical
CVE-2023-3765 was published for mlflow (pip) Jul 19, 2023
goproxy Denial of Service vulnerability High
CVE-2023-37788 was published for github.com/elazarl/goproxy (Go) Jul 18, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet Credited to daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet Credited to daveqnet
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
1Panel command injection vulnerability in Firewall ip functionality High
CVE-2023-37477 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2023
Malayke Credited to Malayke and amascia-gg amascia-gg amascia-gg
OpenRefine vulnerable to zip slip in project import Moderate
CVE-2023-37476 was published for org.openrefine:main (Maven) Jul 18, 2023
stefan-schiller-sonarsource Credited to stefan-schiller-sonarsource
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
libostree vulnerable to denial of service attack Moderate
CVE-2022-47085 was published for ostree (Rust) Jul 18, 2023
postgraas-server vulnerable to SQL injection Critical
CVE-2018-25088 was published for postgraas-server (pip) Jul 18, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
signed-log Credited to signed-log
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource Credited to thomas-chauchefoin-sonarsource
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource Credited to thomas-chauchefoin-sonarsource
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax Moderate
CVE-2023-34036 was published for org.springframework.hateoas:spring-hateoas (Maven) Jul 17, 2023
avro vulnerable to denial of service via attacker-controlled parameter High
CVE-2023-37475 was published for github.com/hamba/avro (Go) Jul 17, 2023
AdamKorcz Credited to AdamKorcz
Easy!Appointments Improper Access Control vulnerability Moderate
CVE-2023-3700 was published for alextselegidis/easyappointments (Composer) Jul 17, 2023
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message Critical
CVE-2023-26512 was published for org.apache.eventmesh:eventmesh-connector-rabbitmq (Maven) Jul 17, 2023
raboof Credited to raboof
Mongoose Prototype Pollution vulnerability Critical
CVE-2023-3696 was published for mongoose (npm) Jul 17, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database