Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,796
Maven
5,000+
npm
4,410
NuGet
772
pip
4,181
Pub
12
RubyGems
965
Rust
1,078
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,266 advisories

Loading
Deno improperly handles resizable ArrayBuffer Critical
CVE-2023-28445 was published for Deno (Rust) Mar 23, 2023
lucacasonato JohnTitor
nipunn1313
Credited to lucacasonato, JohnTitor, and nipunn1313
Spring Vault vulnerable to insertion of sensitive information into a log file Moderate
CVE-2023-20859 was published for org.springframework.vault:spring-vault-core (Maven) Mar 23, 2023
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Credited to amita-seal and sunSUNQ
tripleo-ansible may disclose important configuration details from an OpenStack deployment Moderate
CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment Moderate
CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023
NotrinosERP vulnerable to SQL Injection High
CVE-2023-24788 was published for notrinos/notrinos-erp (Composer) Mar 23, 2023
Moodle may display roles to users who don't have access to them Moderate
CVE-2023-1402 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page Moderate
CVE-2023-28334 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input Critical
CVE-2023-28333 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional Moderate
CVE-2023-28332 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle arbitrary file read vulnerability Moderate
CVE-2023-28330 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle SQL Injection vulnerability High
CVE-2023-28329 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2023-28331 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may allow teachers to access the names of users they could not otherwise access Moderate
CVE-2023-28336 was published for moodle/moodle (Composer) Mar 23, 2023
json-smart Uncontrolled Recursion vulnerability High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip Moderate
CVE-2023-1410 was published for github.com/grafana/grafana (Go) Mar 23, 2023
renniepak
Credited to renniepak
baserCMS allows any file to be uploaded Critical
CVE-2023-25655 was published for baserproject/basercms (Composer) Mar 23, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability Critical
CVE-2023-25654 was published for baserproject/basercms (Composer) Mar 23, 2023
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process Moderate
CVE-2023-28436 was published for tailscale.com (Go) Mar 23, 2023
rmb938
Credited to rmb938
Argo CD authenticated but unauthorized users may enumerate Application names via the API Moderate
CVE-2022-41354 was published for github.com/argoproj/argo-cd (Go) Mar 23, 2023
zhlu32
Credited to zhlu32
directus vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2023-28443 was published for directus (npm) Mar 23, 2023
JohnHillegass
Credited to JohnHillegass
Hippo4j privilege escalation issue High
CVE-2023-27094 was published for cn.hippo4j:hippo4j-all (Maven) Mar 23, 2023
Duplicate Advisory: Grafana Stored Cross-site Scripting vulnerability Moderate
GHSA-3cgw-hfw7-wc7j was published for github.com/grafana/grafana (Go) Mar 23, 2023 withdrawn
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database