Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

148 advisories

Loading
juzawebCMS Injection vulnerability High
CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Langchain Server-Side Request Forgery vulnerability High
CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
eyurtsev
SQL Injection in Apache InLong High
CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023
ThingsBoard Server-Side Template Injection High
CVE-2023-45303 was published for org.thingsboard:thingsboard (Maven) Oct 6, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
thomas-chauchefoin-sonarsource
Sandbox escape via various forms of "format". High
CVE-2023-41039 was published for RestrictedPython (pip) Aug 30, 2023
ankush abhishekg999
d-maurer icemac Quasar0147
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
s4ex Malayke
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
kbond
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration High
CVE-2023-33234 was published for apache-airflow-providers-cncf-kubernetes (pip) Jul 6, 2023
Apache Ranger code execution vulnerability in policy expressions High
CVE-2022-45048 was published for org.apache.ranger:ranger (Maven) Jul 6, 2023
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension High
CVE-2023-32679 was published for craftcms/cms (Composer) May 22, 2023
awakerrday
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet High
CVE-2023-29522 was published for org.xwiki.platform:xwiki-platform-xclass-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro High
CVE-2023-29521 was published for org.xwiki.platform:xwiki-platform-vfs-ui (Maven) Apr 20, 2023
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection High
CVE-2023-29519 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon High
CVE-2023-29518 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Apr 20, 2023
Command injection in Apache Sling High
CVE-2023-25141 was published for org.apache.sling:org.apache.sling.jcr.base (Maven) Feb 14, 2023
Withdrawn Advisory: HTML injections in BTCPayServer High
CVE-2023-0493 was published for BTCPayServer.Client (NuGet) Jan 27, 2023 withdrawn
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database