GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,244 advisories

Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability Moderate
GHSA-gm68-572p-q28r was published for @vendure/admin-ui-plugin (npm) Jul 6, 2023
Credited to Yaniv-git
langchain SQL Injection vulnerability High
CVE-2023-36189 was published for langchain (pip) Jul 6, 2023
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36188 was published for langchain (pip) Jul 6, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
Credited to mnqazi and MQ-xz
Connect-CMS Privilege Escalation Vulnerability Moderate
GHSA-qxh3-jgvh-x55j was published for opensource-workshop/connect-cms (Composer) Jul 5, 2023
1Panel vulnerable to command injection when entering the container terminal Moderate
CVE-2023-36458 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Credited to Malayke
1Panel vulnerable to command injection when adding container repositories Moderate
CVE-2023-36457 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
Credited to erezarnon, panva, mcollina, and marco-ippolito
Credited to e-c-d
CometBFT may duplicate transactions in the mempool's data structures High
CVE-2023-34451 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
Credited to otrack
CometBFT PeerState JSON serialization deadlock Moderate
CVE-2023-34450 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
Credited to mmsqe and sergio-mena
Connection confusion in gRPC High
CVE-2023-32731 was published for grpc (RubyGems) Jul 5, 2023
Credited to jmatosgrafana, picatz, jonasfj, and tal-sealsecurity
Withdrawn: scipy memory leak vulnerability Moderate
CVE-2023-25399 was published for scipy (pip) Jul 5, 2023 withdrawn
code.gitea.io/gitea Open Redirect vulnerability Low
CVE-2023-3515 was published for code.gitea.io/gitea (Go) Jul 5, 2023
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
Credited to fhoeben and stephengroat
Apache Any23 vulnerable to excessive memory usage Moderate
CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven) Jul 5, 2023
Bouncy Castle For Java LDAP injection vulnerability Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023
Credited to pavelarnost
Duplicate Advisory: @fastify/oauth2 Oauth2 state parameter reuse Moderate
GHSA-hgxv-3497-3hhj was published for @fastify/oauth2 (npm) Jul 4, 2023 withdrawn
quarkus-core vulnerable to client driven TLS cipher downgrading Moderate
CVE-2023-2974 was published for io.quarkus:quarkus-core (Maven) Jul 4, 2023
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
kube-apiserver vulnerable to policy bypass Moderate
CVE-2023-2727 was published for k8s.io/kubernetes (Go) Jul 3, 2023
Kubernetes mountable secrets policy bypass Moderate
CVE-2023-2728 was published for k8s.io/kubernetes (Go) Jul 3, 2023
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator High
CVE-2023-36053 was published for Django (pip) Jul 3, 2023
ProTip! Advisories are also available from the GraphQL API