GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,306 advisories

smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
Credited to takaram
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module Moderate
GHSA-3r5c-h7g6-cqw7 was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in translate module Moderate
GHSA-rp78-4562-gx3c was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings Moderate
GHSA-6mmf-qm37-pmgg was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings Moderate
GHSA-69fc-v223-6rjw was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS) Moderate
CVE-2023-28158 was published for org.apache.archiva:archiva (Maven) Mar 29, 2023
Veracode Scan Jenkins Plugin vulnerable to information disclosure Moderate
CVE-2023-25722 was published for com.veracode.jenkins:veracode-scan (Maven) Mar 28, 2023
Veracode Scan Jenkins Plugin vulnerable to information disclosure Moderate
CVE-2023-25721 was published for com.veracode.jenkins:veracode-scan (Maven) Mar 28, 2023
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
Apache OpenMeetings missing authentication and can allow user impersonation Critical
CVE-2023-28326 was published for org.apache.openmeetings:openmeetings-parent (Maven) Mar 28, 2023
Comrak AST node data is not validated (GHSL-2023-049) Moderate
CVE-2023-28631 was published for comrak (Rust) Mar 28, 2023
Credited to darakian
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
Credited to philipturnbull
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
Credited to philipturnbull
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Critical
CVE-2023-20860 was published for org.springframework:spring (Maven) Mar 28, 2023
Credited to sunSUNQ and AndrzejBiernacki2010
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
Credited to luigigubello and plexus
Credited to brantburnett
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
Credited to volkflo
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting Moderate
CVE-2023-28604 was published for sitegeist/fluid-components (Composer) Mar 27, 2023
Podman Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2023-0778 was published for github.com/containers/podman/v4 (Go) Mar 27, 2023
pgAdmin 4 vulnerable to directory traversal Moderate
CVE-2023-0241 was published for pgadmin4 (pip) Mar 27, 2023
Magento Open Source allows Improper Access Control Moderate
CVE-2023-22250 was published for magento/community-edition (Composer) Mar 27, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-22251 was published for magento/community-edition (Composer) Mar 27, 2023
Magento Open Source allows XML Injection High
CVE-2023-22247 was published for magento/community-edition (Composer) Mar 27, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
ProTip! Advisories are also available from the GraphQL API