GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12,219 advisories

craftcms/cms vulnerable to cross site scripting in RSS feed widget Moderate
CVE-2023-31144 was published for craftcms/cms (Composer) May 5, 2023
DominikRebecki
Mage-ai missing user authentication Moderate
CVE-2023-31143 was published for mage-ai (pip) May 5, 2023
vyper vulnerable to storage allocator overflow Moderate
CVE-2023-30837 was published for vyper (pip) May 5, 2023
ToonVanHove trocher
Cross Site Scripting in thorsten/phpmyfaq Moderate
CVE-2023-2427 was published for thorsten/phpmyfaq (Composer) May 5, 2023
Cross Site Scripting in thorsten/phpmyfaq High
CVE-2023-2550 was published for thorsten/phpmyfaq (Composer) May 5, 2023
Cross Site Scripting in nilsteampassnet/teampass Moderate
CVE-2023-2516 was published for nilsteampassnet/teampass (Composer) May 5, 2023
Apache Ranger Hive Plugin missing permissions check High
CVE-2021-40331 was published for org.apache.ranger:ranger-hive-plugin (Maven) May 5, 2023
Path Traversal in Ghost Moderate
CVE-2023-32235 was published for ghost (npm) May 5, 2023
AzuraCast missing brute force prevention Moderate
CVE-2023-2531 was published for azuracast/azuracast (Composer) May 5, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server High
CVE-2023-27321 was published for OPCFoundation.NetStandard.Opc.Ua.Server (NuGet) May 5, 2023
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server Moderate
CVE-2023-31048 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) May 5, 2023
Under-validated ComSpec and cmd.exe resolution in Mutagen projects Low
GHSA-fwj4-72fm-c93g was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Cross-site scripting in TotalJS High
CVE-2023-30094 was published for total4 (npm) May 4, 2023
Improper input validation in github.com/gin-gonic/gin Moderate
CVE-2023-26125 was published for github.com/gin-gonic/gin (Go) May 4, 2023
Stored cross site scripting in Microbin Moderate
CVE-2023-27075 was published for microbin (Rust) May 4, 2023
Server-side template injection in beetl High
CVE-2023-30331 was published for com.ibeetl:beetl (Maven) May 4, 2023
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites Moderate
CVE-2023-31134 was published for tauri (Rust) May 3, 2023
Ghost vulnerable to information disclosure of private API fields High
CVE-2023-31133 was published for ghost (npm) May 3, 2023
cpaczek
engine.io Uncaught Exception vulnerability High
CVE-2023-31125 was published for engine.io (npm) May 3, 2023
Rekor's compressed archives can result in OOM conditions Moderate
CVE-2023-30551 was published for github.com/sigstore/rekor (Go) May 3, 2023
AdamKorcz DavidKorczynski
Command injection in OpenTSDB Critical
CVE-2023-25826 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
Cross Site Scripting in OpenTSDB High
CVE-2023-25827 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
Moodle SQL Injection vulnerability High
CVE-2023-30944 was published for moodle/moodle (Composer) May 2, 2023
Moodle External Control of File Name or Path vulnerability Moderate
CVE-2023-30943 was published for moodle/moodle (Composer) May 2, 2023