
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,889 advisories

@braintree/sanitize-url Cross-site Scripting vulnerability Moderate
CVE-2022-48345 was published for @braintree/sanitize-url (npm) Feb 24, 2023
RosarioSIS Improper Access Control vulnerability High
CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) Feb 24, 2023
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
Update share links to use FRP instead of SSH tunneling Moderate
CVE-2023-25823 was published for gradio (pip) Feb 23, 2023
Credited to gregsadetsky and samueltc
Cross-site Scripting in Quarkus Moderate
CVE-2023-0044 was published for io.quarkus:quarkus-vertx-http (Maven) Feb 23, 2023
Undertow client not checking server identity presented by server certificate in https connections Critical
CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023
Credited to fawind
MantisBT may expose private issues' summaries to unauthorized users Moderate
CVE-2023-22476 was published for mantisbt/mantisbt (Composer) Feb 23, 2023
Unsafe fall-through in getWhereConditions Critical
CVE-2023-22579 was published for @sequelize/core (npm) Feb 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting Moderate
CVE-2023-0867 was published for org.opennms:opennms (Maven) Feb 23, 2023
Cross Site Scripting in OpenNMS Moderate
CVE-2023-0869 was published for org.opennms:opennms-web-api (Maven) Feb 23, 2023
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting Moderate
CVE-2023-0868 was published for org.opennms:opennms-webapp (Maven) Feb 23, 2023
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2023-0815 was published for org.opennms:opennms (Maven) Feb 23, 2023
Improper Privilege Management in Apache Sling Moderate
CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) Feb 23, 2023
markdown-it-py Denial of Service vulnerability in the command line interface High
CVE-2023-26302 was published for markdown-it-py (pip) Feb 23, 2023
markdown-it-py Denial of Service vulnerability High
CVE-2023-26303 was published for markdown-it-py (pip) Feb 23, 2023
Sequelize vulnerable to SQL Injection via replacements Critical
CVE-2023-25813 was published for sequelize (npm) Feb 22, 2023
Credited to ephys
Apollo has potential access control security issue in eureka High
CVE-2023-25570 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
apollo-portal has potential CSRF issue Moderate
CVE-2023-25569 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting Moderate
CVE-2023-0846 was published for org.opennms:opennms (Maven) Feb 22, 2023
GeoTools OGC Filter SQL Injection Vulnerabilities Critical
CVE-2023-25158 was published for org.geotools:gt-jdbc (Maven) Feb 22, 2023
Credited to sikeoka
GeoServer OGC Filter SQL Injection Vulnerabilities Critical
CVE-2023-25157 was published for org.geoserver.community:gs-jdbcconfig (Maven) Feb 22, 2023
Credited to sikeoka
modoboa Cross-site Scripting vulnerability Moderate
CVE-2023-0949 was published for modoboa (pip) Feb 22, 2023
Versionn Command Injection Vulnerability Critical
CVE-2023-25805 was published for versionn (npm) Feb 22, 2023
Nautobot vulnerable to remote code execution via Jinja2 template rendering High
CVE-2023-25657 was published for nautobot (pip) Feb 22, 2023
notation-go has excessive memory allocation on verification High
CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go) Feb 22, 2023
Credited to AdamKorcz and shizhMSFT
ProTip! Advisories are also available from the GraphQL API