GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,736
Maven: 5,000+
npm: 4,336
NuGet: 764
pip: 4,110
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
24,960 advisories

Sequelize vulnerable to SQL Injection via replacements
Critical: CVE-2023-25813 was published for sequelize (npm), Feb 22, 2023

Apollo has potential access control security issue in eureka
High: CVE-2023-25570 was published for com.ctrip.framework.apollo:apollo (Maven), Feb 22, 2023

apollo-portal has potential CSRF issue
Moderate: CVE-2023-25569 was published for com.ctrip.framework.apollo:apollo (Maven), Feb 22, 2023

OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting
Moderate: CVE-2023-0846 was published for org.opennms:opennms (Maven), Feb 22, 2023

GeoTools OGC Filter SQL Injection Vulnerabilities
Critical: CVE-2023-25158 was published for org.geotools:gt-jdbc (Maven), Feb 22, 2023

GeoServer OGC Filter SQL Injection Vulnerabilities
Critical: CVE-2023-25157 was published for org.geoserver.community:gs-jdbcconfig (Maven), Feb 22, 2023

modoboa Cross-site Scripting vulnerability
Moderate: CVE-2023-0949 was published for modoboa (pip), Feb 22, 2023

Versionn Command Injection Vulnerability
Critical: CVE-2023-25805 was published for versionn (npm), Feb 22, 2023

Nautobot vulnerable to remote code execution via Jinja2 template rendering
High: CVE-2023-25657 was published for nautobot (pip), Feb 22, 2023

notation-go has excessive memory allocation on verification
High: CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go), Feb 22, 2023

MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data
High: CVE-2022-48282 was published for MongoDB.Driver (NuGet), Feb 21, 2023

GoPistolet vulnerable to Improper Resource Shutdown or Release
High: CVE-2015-10085 was published for github.com/gopistolet/gopistolet (Go), Feb 21, 2023

Codiad information disclosure vulnerability
High: CVE-2017-20178 was published for codiad/codiad (Composer), Feb 21, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-0934 was published for github.com/answerdev/answer (Go), Feb 21, 2023

iziModal Cross-site Scripting vulnerability
Moderate: CVE-2021-32860 was published for izimodal (npm), Feb 21, 2023

Vditor Cross-site Scripting vulnerability
Moderate: CVE-2021-32855 was published for vditor (npm), Feb 21, 2023

Microweber Cross-site Scripting vulnerability
Moderate: CVE-2021-32856 was published for microweber/microweber (Composer), Feb 21, 2023

Baremetrics date range picker vulnerable to Cross-site Scripting
Moderate: CVE-2021-32859 was published for baremetrics-calendar (npm), Feb 21, 2023

textAngular Cross-site Scripting vulnerability
Moderate: CVE-2021-32854 was published for textangular (npm), Feb 21, 2023

@claviska/jquery-minicolors vulnerable to Cross-site Scripting
Moderate: CVE-2021-32850 was published for @claviska/jquery-minicolors (npm), Feb 21, 2023

Erxes vulnerable to Cross-site Scripting
Moderate: CVE-2021-32853 was published for erxes (npm), Feb 21, 2023

Mind-elixir Cross-site Scripting vulnerability
Moderate: CVE-2021-32851 was published for mind-elixir (npm), Feb 21, 2023

Apache Commons FileUpload denial of service vulnerability
High: CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven), Feb 20, 2023

Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
Critical: CVE-2023-25613 was published for org.apache.kerby:ldap-backend (Maven), Feb 20, 2023

dd-plist XML External Entity vulnerability
High: CVE-2016-15026 was published for com.googlecode.plist:dd-plist (Maven), Feb 20, 2023

ProTip! Advisories are also available from the GraphQL API.