GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11,388 advisories

Insecure Temporary File in RESTEasy Moderate
CVE-2023-0482 was published for org.jboss.resteasy:resteasy-undertow (Maven) Feb 18, 2023
Cross-site Scripting in jspreadsheet Moderate
CVE-2022-48115 was published for jspreadsheet-ce (npm) Feb 18, 2023
User data in TPM attestation vulnerable to MITM High
GHSA-r2h5-3hgw-8j34 was published for github.com/edgelesssys/constellation/v2 (Go) Feb 17, 2023
Privilege escalation in MOSN High
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
Uncontrolled Resource Consumption Low
CVE-2022-41723 was published for golang.org/x/net (Go) Feb 17, 2023
Uncontrolled Resource Consumption Low
CVE-2022-41727 was published for golang.org/x/image (Go) Feb 17, 2023
Misinterpretation of Input in thorsten/phpmyfaq High
CVE-2023-0880 was published for thorsten/phpmyfaq (Composer) Feb 17, 2023
Code Injection in froxlor/froxlor Critical
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Uncontrolled Resource Consumption in Hashicorp Nomad Low
CVE-2023-0821 was published for github.com/hashicorp/nomad (Go) Feb 17, 2023
Data Amplification in HashiCorp go-getter Moderate
CVE-2023-0475 was published for github.com/hashicorp/go-getter (Go) Feb 16, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
crenshaw-dev
XML External Entity (XXE) vulnerability in apoc.import.graphml Moderate
CVE-2023-23926 was published for org.neo4j.procedure:apoc-core (Maven) Feb 16, 2023
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Regular Expression Denial of Service in Headers High
CVE-2023-24807 was published for undici (npm) Feb 16, 2023
sno2
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) High
CVE-2023-25653 was published for node-jose (npm) Feb 16, 2023
justaugustus bifurcation
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler Moderate
GHSA-j2wh-wrv3-4x4g was published for @graphql-mesh/cli (npm) Feb 16, 2023
ardatan dotansimha
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
Improper Restriction of Excessive Authentication Attempts in modoboa Moderate
CVE-2023-0860 was published for modoboa (pip) Feb 16, 2023
Cross-site Scripting in kimai/kimai Moderate
CVE-2020-19825 was published for kimai/kimai (Composer) Feb 16, 2023
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug Moderate
GHSA-76r7-h46w-463r was published for pimcore/pimcore (Composer) Feb 15, 2023
Sanketx0722
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
mosaa404
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad