GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 1,582; Erlang 20; GitHub Actions 10; Go 1,033; Maven 3,548; npm 2,996; NuGet 279; pip 1,732; Pub 5; RubyGems 682; Rust 614.
Unreviewed advisories: All unreviewed 5,000+.
12,401 advisories in total.
Kyverno vulnerable due to usage of insecure cipher (Moderate): GHSA-hgv6-w7r3-w4qw was published for github.com/kyverno/kyverno (Go), May 30, 2023
sccache vulnerable to privilege escalation if server is run as root (Moderate): CVE-2023-1521 was published for sccache (Rust), May 30, 2023
Dolibarr vulnerable to remote code execution via uppercase manipulation (Moderate): CVE-2023-30253 was published for dolibarr/dolibarr (Composer), May 29, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization (High): CVE-2023-26128 was published for keep-module-latest (npm), May 27, 2023
bwm-ng vulnerable to command injection (High): CVE-2023-26129 was published for bwm-ng (npm), May 27, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function (High): CVE-2023-26127 was published for n158 (npm), May 27, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests (Critical): CVE-2023-33189 was published for github.com/pomerium/pomerium (Go), May 26, 2023
malformed proposed intoto entries can cause a panic (Moderate): CVE-2023-33199 was published for github.com/sigstore/rekor (Go), May 26, 2023
Keycloak vulnerable to untrusted certificate validation (Low): CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven), May 26, 2023
Privilege escalation in XXL-Job (Moderate): CVE-2023-33779 was published for com.xuxueli:xxl-job (Maven), May 26, 2023
Spring Boot Welcome Page Denial of Service (Low): CVE-2023-20883 was published for org.springframework.boot:spring-boot-autoconfigure (Maven), May 26, 2023
Server-Side Template Injection in Camaleon CMS (Moderate): CVE-2023-30145 was published for camaleon_cms (RubyGems), May 26, 2023
secrets-store-csi-driver discloses service account tokens in logs (Moderate): CVE-2023-2878 was published for sigs.k8s.io/secrets-store-csi-driver (Go), May 26, 2023
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited (Low): CVE-2023-33955 was published for github.com/minio/console (Go), May 26, 2023
Craft CMS stored XSS in indexedVolumes (Moderate): CVE-2023-33197 was published for craftcms/cms (Composer), May 26, 2023
Craft CMS stored XSS in review volume (Moderate): CVE-2023-33196 was published for craftcms/cms (Composer), May 26, 2023
Craft CMS XSS in RSS widget feed (Moderate): CVE-2023-33195 was published for craftcms/cms (Composer), May 26, 2023
CraftCMS stored XSS in Quick Post widget error message (Low): CVE-2023-33194 was published for craftcms/cms (Composer), May 26, 2023
html inputs of type password recorded in plaintext when converted to text inputs (Moderate): CVE-2023-33187 was published for highlight.run (npm), May 26, 2023
Improper handling of NTS cookie length that could crash the ntpd-rs server (High): CVE-2023-33192 was published for ntpd (Rust), May 25, 2023
kyverno seccomp control can be circumvented (Moderate): CVE-2023-33191 was published for github.com/kyverno/kyverno (Go), May 25, 2023
Pimcore customers' list user password hash is disclosed (Moderate): CVE-2023-2881 was published for pimcore/customer-management-framework-bundle (Composer), May 25, 2023
Unrestricted recursion in htmlunit (High): CVE-2023-2798 was published for org.htmlunit:htmlunit (Maven), May 25, 2023
Apache JSPWiki vulnerable to cross-site scripting on several plugins (Moderate): CVE-2022-46907 was published for org.apache.jspwiki:jspwiki-main (Maven), May 25, 2023
Advisories are also available from the GraphQL API.