Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,230
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,504
Pub
12
RubyGems
996
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,411 advisories

Loading
Microweber Improper Access Control vulnerability Moderate
CVE-2023-5976 was published for microweber/microweber (Composer) Nov 14, 2023
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability High
CVE-2023-36049 was published for System.Net.Requests (NuGet) Nov 14, 2023
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Moderate
CVE-2023-36558 was published for Microsoft.AspNetCore.Components (NuGet) Nov 14, 2023
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks Low
CVE-2023-47641 was published for aiohttp (pip) Nov 14, 2023
chinchila Credited to chinchila
Information Disclosure in typo3/cms-install tool Low
CVE-2023-47126 was published for typo3/cms-install (Composer) Nov 14, 2023
liayn Credited to liayn
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer Moderate
CVE-2023-47125 was published for typo3/html-sanitizer (Composer) Nov 14, 2023
Yaniv-git Credited to Yaniv-git, ndossche, and ohader ndossche ndossche
ohader ohader
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. Moderate
CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023
adityasaky Credited to adityasaky
Fabric vulnerable to crosslinking transaction attack High
CVE-2023-46132 was published for github.com/hyperledger/fabric (Go) Nov 14, 2023
yacovm Credited to yacovm
Guest Entries Remote code execution via file uploads High
CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023
Insufficient covariance check makes self_cell unsound High
GHSA-48m6-wm5p-rr6h was published for self_cell (Rust) Nov 14, 2023
Cross-site Scripting in cesium Moderate
CVE-2023-48094 was published for cesium (npm) Nov 14, 2023 withdrawn
juburr Credited to juburr
Bootbox.js Cross Site Scripting vulnerability Moderate
CVE-2023-46998 was published for bootbox (npm) Nov 14, 2023
TYPO3 vulnerable to Weak Authentication in Session Handling Moderate
CVE-2023-47127 was published for typo3/cms-core (Composer) Nov 14, 2023
dogawaf Credited to dogawaf, bnf, and ohader bnf bnf
ohader ohader
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam Credited to alex-elttam
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack High
CVE-2023-47163 was published for remarshal (pip) Nov 13, 2023
Statamic CMS remote code execution via front-end form uploads High
CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023
Cyber-Wo0dy Credited to Cyber-Wo0dy
piccolo SQL Injection via named transaction savepoints Critical
CVE-2023-47128 was published for piccolo (pip) Nov 12, 2023
Skelmis Credited to Skelmis
gnark's range checker gadget allows wider inputs up to word alignment Low
GHSA-rjjm-x32p-m3f7 was published for github.com/consensys/gnark (Go) Nov 12, 2023
ultrainstinct30 Credited to ultrainstinct30, ivokub, and gbotrel ivokub ivokub
gbotrel gbotrel
otelgrpc DoS vulnerability due to unbound cardinality metrics High
CVE-2023-47108 was published for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (Go) Nov 12, 2023
agmond Credited to agmond
Symfony potential Cross-site Scripting in WebhookController Moderate
CVE-2023-46735 was published for symfony/symfony (Composer) Nov 12, 2023
maxime-aknin Credited to maxime-aknin and nicolas-grekas nicolas-grekas nicolas-grekas
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Moderate
CVE-2023-46734 was published for symfony/symfony (Composer) Nov 12, 2023
Rudloff Credited to Rudloff and nicolas-grekas nicolas-grekas nicolas-grekas
Symfony possible session fixation vulnerability Moderate
CVE-2023-46733 was published for symfony/security-http (Composer) Nov 12, 2023
RobertMe Credited to RobertMe
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar Credited to r3kumar and sunSUNQ sunSUNQ sunSUNQ
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
Headscale writes bearer tokens to info-level logs High
CVE-2023-47390 was published for github.com/juanfont/headscale (Go) Nov 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database