GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,668 advisories

SQL Injection in AssetController High
CVE-2023-2338 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to rekter0
Cross-site Scripting (XSS) in Website Settings name field Moderate
CVE-2023-2342 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to khanhchauminh
Cross-site Scripting (XSS) in Admin Login too many attempts notice Moderate
CVE-2023-2341 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to Anasboulbali
Cross-site Scripting (XSS) in DataObject Classification Store Moderate
CVE-2023-2343 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to khanhchauminh
SQL Injection in Admin Translations API High
CVE-2023-30850 was published for pimcore/pimcore (Composer) Apr 27, 2023
SQL Injection in Translation Export API High
CVE-2023-30849 was published for pimcore/pimcore (Composer) Apr 27, 2023
SQL Injection in Admin Search Find API High
CVE-2023-30848 was published for pimcore/pimcore (Composer) Apr 27, 2023
Undefined Behavior in Rust runtime functions Low
CVE-2023-30624 was published for wasmtime (Rust) Apr 27, 2023
Credited to guidovranken and alexcrichton
Remote code execution in JFinal CMS Critical
CVE-2023-30349 was published for com.jflyfox:jflyfox_jfinal (Maven) Apr 27, 2023
Potential leak of authentication data to 3rd parties Critical
CVE-2023-30846 was published for typed-rest-client (npm) Apr 27, 2023
Credited to yahavi and JLLeitschuh
Insufficient token expiration in Serenity High
CVE-2023-31287 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Cross Site Scripting (XSS) in Serenity Moderate
CVE-2023-31285 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Access bypass in Drupal core Critical
CVE-2023-31250 was published for drupal/core (Composer) Apr 26, 2023
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
Credited to renbaoshuo
Remote code execution in Voyager Critical
CVE-2020-36070 was published for tcg/voyager (Composer) Apr 26, 2023
Missing permission check of canView in GridFieldPrintButton Moderate
CVE-2023-22728 was published for silverstripe/framework (Composer) Apr 26, 2023
Open redirect vulnerability on CMSSecurity relogin screen Moderate
CVE-2023-22729 was published for silverstripe/framework (Composer) Apr 26, 2023
Ironic and ironic-inspector may expose as ConfigMaps Moderate
CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023
Hidden fields can be leaked on readable collections in Payload High
CVE-2023-30843 was published for payload (npm) Apr 26, 2023
Credited to cpaczek
Hop-by-hop abuse to malform header mutator Low
GHSA-w9mr-28mw-j8hg was published for github.com/ory/oathkeeper (Go) Apr 26, 2023
Credited to viters
Cross site scripting (XSS) in wwbn/avideo High
GHSA-2fch-hv74-fgw9 was published for wwbn/avideo (Composer) Apr 26, 2023
Credited to gonzxph
@builder.io/qwik-city Cross-Site Request Forgery vulnerability Moderate
CVE-2023-2307 was published for @builder.io/qwik-city (npm) Apr 26, 2023
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Path traversal vulnerability in the file manager High
CVE-2023-29200 was published for contao/contao (Composer) Apr 26, 2023
ProTip! Advisories are also available from the GraphQL API