GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
12,432 advisories
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in...
Low | Unreviewed | CVE-2023-37939 was published Oct 10, 2023

A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as...
Low | Unreviewed | CVE-2023-5496 was published Oct 10, 2023

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to...
Low | Unreviewed | CVE-2023-41263 was published Oct 13, 2023

Magento Open Source allows Cross-Site Scripting (XSS)
Low | CVE-2023-38219 was published for magento/community-edition (Composer) Oct 13, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
Low | Unreviewed | CVE-2023-4517 was published Oct 13, 2023

A potential security vulnerability has been identified in certain HP Displays supporting the...
Low | Unreviewed | CVE-2023-5449 was published Oct 13, 2023

A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by...
Low | Unreviewed | CVE-2023-5579 was published Oct 14, 2023

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been...
Low | Unreviewed | CVE-2023-5585 was published Oct 15, 2023

Pleroma Path Traversal vulnerability
Low | CVE-2023-5588 was published for pleroma (Erlang) Oct 16, 2023

Undici's cookie header not cleared on cross-origin redirect in fetch
Low | CVE-2023-45143 was published for undici (npm) Oct 16, 2023

vantage6 does not properly delete linked resources when deleting a collaboration
Low | CVE-2023-41881 was published for vantage6 (pip) Oct 16, 2023

On affected Wago products a remote attacker with administrative privileges can access files to...
Low | Unreviewed | CVE-2023-4089 was published Oct 17, 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK...
Low | Unreviewed | CVE-2023-22025 was published Oct 18, 2023

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported...
Low | Unreviewed | CVE-2023-22074 was published Oct 18, 2023

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported...
Low | Unreviewed | CVE-2023-22075 was published Oct 18, 2023

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security:...
Low | Unreviewed | CVE-2023-22113 was published Oct 18, 2023

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.
Low | Unreviewed | CVE-2023-5626 was published Oct 18, 2023

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported...
Low | Unreviewed | CVE-2023-22128 was published Oct 18, 2023

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if...
Low | Unreviewed | CVE-2023-38546 was published Oct 18, 2023

Wagtail vulnerable to disclosure of user names via admin bulk action views
Low | CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023

Artifact Hub allows unsafe rego built-in
Low | CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023

Next.js missing cache-control header may lead to CDN caching empty reply
Low | CVE-2023-46298 was published for next (npm) Oct 22, 2023

sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Low | CVE-2023-46122 was published for org.scala-sbt:io_2.12 (Maven) Oct 24, 2023

Fides JavaScript Injection Vulnerability in Privacy Center URL
Low | CVE-2023-46126 was published for ethyca-fides (pip) Oct 24, 2023

The vulnerability allows an unprivileged (untrusted) third-party application to interact with a...
Low | Unreviewed | CVE-2023-41960 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API.