GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
372 advisories
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate | CVE-2023-38690 was published for matrix-appservice-irc (npm) | Aug 4, 2023

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Moderate | CVE-2023-37948 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute (Maven) | Jul 12, 2023

Apache Zeppelin Improper Input Validation vulnerability
Moderate | CVE-2021-28655 was published for org.apache.zeppelin:zeppelin (Maven) | Jul 6, 2023

Apache Any23 vulnerable to excessive memory usage
Moderate | CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven) | Jul 5, 2023

Kubernetes mountable secrets policy bypass
Moderate | CVE-2023-2728 was published for k8s.io/kubernetes (Go) | Jul 3, 2023

kube-apiserver vulnerable to policy bypass
Moderate | CVE-2023-2727 was published for k8s.io/kubernetes (Go) | Jul 3, 2023

Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
Moderate | CVE-2023-35798 was published for apache-airflow-providers-microsoft-mssql (pip) | Jun 27, 2023

Vega's validators able to submit duplicate transactions
Moderate | CVE-2023-35163 was published for code.vegaprotocol.io/vega (Go) | Jun 20, 2023

Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Moderate | CVE-2023-34239 was published for gradio (pip) | Jun 9, 2023

Ingress-nginx `path` sanitization can be bypassed with newline character
Moderate | CVE-2021-25748 was published for k8s.io/ingress-nginx (Go) | May 24, 2023

Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Moderate | CVE-2023-32323 was published for matrix-synapse (pip) | May 24, 2023

Insufficient validation when decoding a Socket.IO packet
Moderate | CVE-2023-32695 was published for socket.io-parser (npm) | May 23, 2023

Invalid push request payload crashes Parse Server
Moderate | CVE-2023-32688 was published for parse-server-push-adapter (npm) | May 22, 2023

Improper random reading in CIRCL
Moderate | CVE-2023-1732 was published for github.com/cloudflare/circl (Go) | May 11, 2023

VTAdmin users that can create shards can deny access to other functions
Moderate | CVE-2023-29195 was published for vitess.io/vitess (Go) | May 11, 2023

Pimcore vulnerable to Business Logic Errors via Customer automation rules
Moderate | CVE-2023-32075 was published for pimcore/customer-management-framework-bundle (Composer) | May 11, 2023

Improper input validation in github.com/gin-gonic/gin
Moderate | CVE-2023-26125 was published for github.com/gin-gonic/gin (Go) | May 4, 2023

vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate | CVE-2023-29194 was published for vitess.io/vitess (Go) | Apr 11, 2023

Firefly III vulnerable to improper input validation
Moderate | CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) | Apr 1, 2023

phpMyFAQ vulnerable to improper input validation
Moderate | CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) | Mar 31, 2023

TensorFlow Denial of Service vulnerability
Moderate | CVE-2023-25661 was published for tensorflow (pip) | Mar 27, 2023

Moodle arbitrary file read vulnerability
Moderate | CVE-2023-28330 was published for moodle/moodle (Composer) | Mar 23, 2023

russh may use insecure Diffie-Hellman keys
Moderate | CVE-2023-28113 was published for russh (Rust) | Mar 17, 2023

fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Moderate | CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) | Mar 13, 2023

Crossplane-runtime contains Improper Input Validation via Compositions
Moderate | CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) | Mar 10, 2023

ProTip! Advisories are also available from the GraphQL API.