GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14,682 advisories

Vulnerable version of libwebp can be exploited with a malicious source image High
GHSA-wqcr-xm43-hpqr was published for ImageResizer.Plugins.FreeImage (NuGet) Oct 6, 2023
JWT token compromise can allow malicious actions including Remote Code Execution (RCE) Critical
CVE-2023-32188 was published for github.com/neuvector/neuvector (Go) Oct 6, 2023
Bundled libwebp in pywebp vulnerable High
GHSA-f9pm-4g9p-6vm3 was published for webp (pip) Oct 6, 2023
Zenario CMS Cross-site Scripting vulnerability Moderate
CVE-2023-44770 was published for tribalsystems/zenario (Composer) Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44766 was published for concrete5/concrete5 (Composer) Oct 6, 2023
Zenario CMS Cross-site Scripting vulnerability Moderate
CVE-2023-44771 was published for tribalsystems/zenario (Composer) Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44765 was published for concrete5/concrete5 (Composer) Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44764 was published for concrete5/concrete5 (Composer) Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44761 was published for concrete5/concrete5 (Composer) Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44762 was published for concrete5/concrete5 (Composer) Oct 6, 2023
geokit-rails Command Injection vulnerability High
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results Low
GHSA-pffg-92cg-xf5c was published for https://github.com/consensys/gnark-crypto (Go) Oct 5, 2023
NI MeasurementLink Python Services Improper Access Restriction vulnerability High
CVE-2023-4570 was published for ni-measurementlink-service (pip) Oct 5, 2023
Vapor's incorrect request error handling triggers server crash Moderate
CVE-2023-44386 was published for https://github.com/vapor/vapor (Swift) Oct 5, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud Moderate
CVE-2023-36820 was published for io.micronaut.security:micronaut-security-oauth2 (Maven) Oct 5, 2023
Decidim has broken access control in templates Critical
CVE-2023-36465 was published for decidim (RubyGems) Oct 5, 2023
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding High
GHSA-4c29-gfrp-g6x9 was published for CefSharp.Common (NuGet) Oct 5, 2023
Bundled libwebp in imagecodecs vulnerable High
GHSA-94vc-p8w7-5p49 was published for imagecodecs (pip) Oct 5, 2023
Bundled libwebp in Pillow vulnerable High
GHSA-56pw-mpj4-fxww was published for pillow (pip) Oct 5, 2023
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content Moderate
CVE-2023-44390 was published for HtmlSanitizer (NuGet) Oct 4, 2023
TYPO3 extension femanager Broken Access Control vulnerability Moderate
CVE-2023-45023 was published for in2code/femanager (Composer) Oct 4, 2023
Zod denial of service vulnerability during email validation High
GHSA-mvrp-3cvx-c325 was published for express-zod-api (npm) Oct 4, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition High
CVE-2023-44378 was published for github.com/consensys/gnark (Go) Oct 4, 2023
Netty-handler does not validate host names by default Moderate
CVE-2023-4586 was published for io.netty:netty-handler (Maven) Oct 4, 2023