GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12,325 advisories

mlflow Path Traversal vulnerability Critical
CVE-2023-2780 was published for mlflow (pip) May 17, 2023
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits Moderate
CVE-2023-26044 was published for react/http (Composer) May 17, 2023
WyriHaximus
Dgraph Audit Log Encryption Vulnerability Low
CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go) May 17, 2023
HakuPiku joshua-goldstein
skrdgraph
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query Moderate
CVE-2023-2756 was published for pimcore/customer-management-framework-bundle (Composer) May 17, 2023
JoMC98
phpMyFAQ vulnerable to stored Cross-site Scripting High
CVE-2023-2753 was published for thorsten/phpmyfaq (Composer) May 17, 2023
phpMyFAQ vulnerable to stored Cross-site Scripting High
CVE-2023-2752 was published for thorsten/phpmyfaq (Composer) May 17, 2023
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
Starlette has Path Traversal vulnerability in StaticFiles Low
GHSA-v5gw-mw7f-84px was published for starlette (pip) May 17, 2023
aminalaee
Moodle vulnerable to stored Cross-site Scripting Moderate
CVE-2021-27131 was published for moodle/moodle (Composer) May 16, 2023
alkacon-OpenCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2023-31544 was published for org.opencms:opencms-core (Maven) May 16, 2023
Jenkins Code Dx Plugin cross-site request forgery vulnerability Moderate
CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Code Dx Plugin missing permission checks Moderate
CVE-2023-2631 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Ansible Plugin job configuration form does not mask variables Moderate
CVE-2023-32983 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability Moderate
CVE-2023-32989 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
Jenkins Azure VM Agents Plugin missing permission checks Moderate
CVE-2023-32988 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
Jenkins Sidebar Link Plugin vulnerable to Path Traversal Moderate
CVE-2023-32985 was published for org.jenkins-ci.plugins:sidebar-link (Maven) May 16, 2023
Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability High
CVE-2023-32984 was published for org.jenkins-ci.plugins:testng-plugin (Maven) May 16, 2023
Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability Moderate
CVE-2023-32987 was published for org.jenkins-ci.plugins:reverse-proxy-auth-plugin (Maven) May 16, 2023
Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-32980 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023
Jenkins File Parameter Plugin arbitrary file write vulnerability High
CVE-2023-32986 was published for io.jenkins.plugins:file-parameters (Maven) May 16, 2023
Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-33003 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
TestComplete support Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 16, 2023
Jenkins Tag Profiler Plugin missing permission check Moderate
CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
ProTip! Advisories are also available from the GraphQL API