GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13,442 advisories

Indico vulnerable to Cross-Site-Scripting via confirmation prompts (Moderate): CVE-2023-37901, indico (pip), published Jul 21, 2023, credit: ThiefMaster
copyparty vulnerable to reflected cross-site scripting via hc parameter (Moderate): GHSA-cw7j-v52w-fp5r, copyparty (pip), published Jul 21, 2023, credit: TheHackyDog
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor (High): CVE-2023-3819, pimcore/pimcore (Composer), published Jul 21, 2023, credit: dkarlovi
Pimcore vulnerable to SQL Injection in Dataobjects sorting (High): CVE-2023-3820, pimcore/pimcore (Composer), published Jul 21, 2023, credit: hiu240900
KubePi may leak password hash of any user (Moderate): CVE-2023-37916, github.com/KubeOperator/kubepi (Go), published Jul 21, 2023, credit: ch1nhpd
KubePi Privilege Escalation vulnerability (Critical): CVE-2023-37917, github.com/KubeOperator/kubepi (Go), published Jul 21, 2023, credit: ch1nhpd
Dapr API token authentication bypass in HTTP endpoints (Moderate): CVE-2023-37918, github.com/dapr/dapr (Go), published Jul 21, 2023, credit: ItalyPaleAle
Pimcore Cross-site Scripting vulnerability (Moderate): CVE-2023-3822, pimcore/pimcore (Composer), published Jul 21, 2023
Pimcore Cross-site Scripting vulnerability (Moderate): CVE-2023-3821, pimcore/pimcore (Composer), published Jul 21, 2023
RuoYi vulnerable to Cross-site Scripting (Low): CVE-2023-3815, com.ruoyi:ruoyi (Maven), published Jul 21, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability (Moderate): CVE-2023-37650, cockpit-hq/cockpit (Composer), published Jul 20, 2023
Alkacon OpenCMS arbitrary file upload vulnerability (Moderate): CVE-2023-37602, org.opencms:opencms-core (Maven), published Jul 20, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process (Critical): CVE-2023-37471, org.openidentityplatform.openam:openam-federation-library (Maven), published Jul 20, 2023, credit: atorralba
Feathers socket handler allows abusing implicit toString (High): CVE-2023-37899, @feathersjs/socketio (npm), published Jul 20, 2023, credit: CodeanIO
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser (Moderate): CVE-2023-37276, aiohttp (pip), published Jul 20, 2023, credit: sethmlarson
grav Server-side Template Injection (SSTI) mitigation bypass (High): CVE-2023-37897, getgrav/grav (Composer), published Jul 19, 2023, credit: s4ex, Malayke
impl `FromMdbValue` for bool is unsound (Moderate): GHSA-f9g6-fp84-fv92, lmdb-rs (Rust), published Jul 19, 2023
Hazelcast Executor Services don't check client permissions properly (High): CVE-2023-33265, com.hazelcast:hazelcast (Maven), published Jul 19, 2023
keylime fails to flag device as untrusted when signature does not validate (Low): CVE-2023-3674, keylime (pip), published Jul 19, 2023
Pygments vulnerable to ReDoS (Moderate): CVE-2022-40896, Pygments (pip), published Jul 19, 2023
Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability (Moderate): CVE-2023-28754, org.apache.shardingsphere:shardingsphere (Maven), published Jul 19, 2023
goproxy Denial of Service vulnerability (Moderate): CVE-2023-37788, github.com/elazarl/goproxy (Go), published Jul 18, 2023
Fides Webserver Vulnerable to SVG Bomb File Uploads (Low): CVE-2023-37481, ethyca-fides (pip), published Jul 18, 2023, credit: daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads (Low): CVE-2023-37480, ethyca-fides (pip), published Jul 18, 2023, credit: daveqnet
Keycloak: Impersonation and lockout possible through incorrect handling of email trust (Moderate): CVE-2023-0105, org.keycloak:keycloak-core (Maven), published Jul 18, 2023