Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,432 advisories

Loading
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. Low Unreviewed
CVE-2023-5896 was published Nov 1, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16. Low Unreviewed
CVE-2023-5894 was published Nov 1, 2023
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Low Unreviewed
CVE-2023-5895 was published Nov 1, 2023
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote... Low Unreviewed
CVE-2023-2622 was published Nov 1, 2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Low Unreviewed
CVE-2023-5898 was published Nov 1, 2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Low Unreviewed
CVE-2023-5899 was published Nov 1, 2023
A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects... Low Unreviewed
CVE-2023-5910 was published Nov 2, 2023
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on... Low Unreviewed
CVE-2023-5875 was published Nov 2, 2023
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an... Low Unreviewed
CVE-2023-5876 was published Nov 2, 2023
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by... Low Unreviewed
CVE-2023-5920 was published Nov 2, 2023
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the... Low Unreviewed
CVE-2023-5035 was published Nov 2, 2023
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session... Low Unreviewed
CVE-2023-4217 was published Nov 2, 2023
Download route allows filename change in eZpublish kernel Low
GHSA-946c-f9w6-2c25 was published for ezsystems/ezpublish-kernel (Composer) Nov 3, 2023
Ibexa DXP Download route allows filename change Low
GHSA-g95c-xc83-8353 was published for ibexa/core (Composer) Nov 3, 2023
Ibexa ezplatform-kernel download route allows filename change Low
GHSA-gv2c-5g79-h73c was published for ezsystems/ezplatform-kernel (Composer) Nov 3, 2023
Magnesium-PHP Injection vulnerability Low
CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6.... Low Unreviewed
CVE-2021-4430 was published Nov 6, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16... Low Unreviewed
CVE-2023-5831 was published Nov 6, 2023
An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9... Low Unreviewed
CVE-2023-5963 was published Nov 6, 2023
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4... Low Unreviewed
CVE-2023-4700 was published Nov 6, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency Low
GHSA-j57r-4qw6-58r3 was published for rusty-paseto (Rust) Nov 7, 2023
techport-om rrrodzilla
Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV... Low Unreviewed
CVE-2023-41270 was published Nov 8, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry Low
CVE-2023-46737 was published for github.com/sigstore/cosign (Go) Nov 8, 2023
AdamKorcz pdeslaur
s2n-quic potential denial of service via crafted stream frames Low
GHSA-475v-pq2g-fp9g was published for s2n-quic (Rust) Nov 8, 2023
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests.... Low Unreviewed
CVE-2023-5760 was published Nov 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database