GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,668 advisories

phpMyFAQ vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-2428 was published for thorsten/phpmyfaq (Composer) Apr 30, 2023
Duplicate Advisory: Arbitrary code execution in jfinal CMS Critical
CVE-2023-26812 was published for com.jflyfox:jflyfox_jfinal (Maven) Apr 28, 2023 withdrawn
Missing rate limit for password resets Moderate
CVE-2023-28821 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Stored cross site scripting in RSS displayer Low
CVE-2023-28820 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Stored cross site scripting on API integration Moderate
CVE-2023-28477 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Stored cross site scripting on tags Moderate
CVE-2023-28476 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Stored cross site scripting via container name Moderate
CVE-2023-28471 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Stored cross site scripting on saved presets Moderate
CVE-2023-28474 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Reflected cross site scripting Moderate
CVE-2023-28475 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section Critical
CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Relative path traversal in mlflow High
CVE-2023-2356 was published for mlflow (pip) Apr 28, 2023
Remote code injection in wwbn/avideo High
CVE-2023-30854 was published for wwbn/avideo (Composer) Apr 27, 2023
Credited to jmrcsnchz
Chosen Ciphertext Attack in Jose4j Moderate
GHSA-jgvc-jfgh-rjvv was published for org.bitbucket.b_c:jose4j (Maven) Apr 27, 2023
Arbitrary File Read in Admin JS CSS files Moderate
CVE-2023-30852 was published for pimcore/pimcore (Composer) Apr 27, 2023
Cross-site Scripting (XSS) in DataObject columns grid Moderate
CVE-2023-2340 was published for pimcore/pimcore (Composer) Apr 27, 2023
Cross-site Scripting (XSS) in DataObject Any Getter grid operator Moderate
CVE-2023-2339 was published for pimcore/pimcore (Composer) Apr 27, 2023
Path Traversal in Asset "import from server" option Moderate
CVE-2023-2336 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to rekter0
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules Moderate
CVE-2023-2332 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to nhaanhaa
Lightbend Alpakka Kafka logs credentials on debug level Moderate
CVE-2023-29471 was published for com.typesafe.akka:akka-stream-kafka_2.11 (Maven) Apr 27, 2023
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition Moderate
CVE-2023-2328 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to khanhchauminh
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields Moderate
CVE-2023-2327 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to khanhchauminh
Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field Moderate
CVE-2023-2323 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to sampritdas8
Cross-site Scripting (XSS) in Document Properties Parameter Moderate
CVE-2023-2322 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to rootxsandy
ProTip! Advisories are also available from the GraphQL API