GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12,110 advisories

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform Low
CVE-2023-30618 was published for kitchen-terraform (RubyGems) Apr 24, 2023
brettcurtis
Unrestricted file upload in kiwi TCMS High
CVE-2023-30613 was published for kiwitcms (pip) Apr 24, 2023
mosaa404
HTTP Multiline Header Termination High
CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) Apr 24, 2023
GrahamCampbell TimWolla
Directory traversal + file write causing arbitrary code execution High
CVE-2023-30626 was published for Jellyfin.Controller (NuGet) Apr 24, 2023
FredericLinn
Rancher Webhook is misconfigured during upgrade process Critical
CVE-2023-22651 was published for github.com/rancher/rancher (Go) Apr 24, 2023
Incorrect success value returned in vyper Moderate
CVE-2023-30629 was published for vyper (pip) Apr 24, 2023
algys pavelvm5
Arbitrary command injection in embano1/wip Critical
CVE-2023-30623 was published for embano1/wip (GitHub Actions) Apr 24, 2023
R3x
Access bypass in Drupal Core Moderate
CVE-2022-25278 was published for drupal/core (Composer) Apr 24, 2023
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
Missing check for default SECRET_KEY High
CVE-2023-27524 was published for apache-superset (pip) Apr 24, 2023
Adversarial use of `make_bitflags!` macro can cause undefined behavior Moderate
GHSA-qvc4-78gw-pv8p was published for enumflags2 (Rust) Apr 24, 2023
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
Uncaught Exception in yaml Moderate
CVE-2023-2251 was published for yaml (npm) Apr 24, 2023
Cross-site Scripting in Backdrop CMS Low
CVE-2023-31045 was published for backdrop/backdrop (Composer) Apr 24, 2023
Prototype Pollution in sheetJS Moderate
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
Information exposure in microweber High
CVE-2023-2239 was published for microweber/microweber (Composer) Apr 22, 2023
Cross-site Scripting in thorsten/phpmyfaq Moderate
CVE-2023-1875 was published for thorsten/phpmyfaq (Composer) Apr 22, 2023
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
CSRF token fixation in fastify-passport Moderate
CVE-2023-29020 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
PowerJob vulnerable to incorrect access control Moderate
CVE-2023-29924 was published for tech.powerjob:powerjob (Maven) Apr 21, 2023
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
devanych
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-30608 was published for sqlparse (pip) Apr 21, 2023
erik-krogh