GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

11,826 advisories

Prototype pollution in matrix-react-sdk High
CVE-2023-28103 was published for matrix-react-sdk (npm) Mar 29, 2023
smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
takaram
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
Comrak AST node data is not validated (GHSL-2023-049) Moderate
CVE-2023-28631 was published for comrak (Rust) Mar 28, 2023
darakian
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
philipturnbull
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
philipturnbull
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Critical
CVE-2023-20860 was published for org.springframework:spring (Maven) Mar 28, 2023
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
luigigubello plexus
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting Moderate
CVE-2023-28604 was published for sitegeist/fluid-components (Composer) Mar 27, 2023
Podman Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2023-0778 was published for github.com/containers/podman/v4 (Go) Mar 27, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
TensorFlow Denial of Service vulnerability Moderate
CVE-2023-25661 was published for tensorflow (pip) Mar 27, 2023
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data High
CVE-2023-27296 was published for org.apache.inlong:inlong-manager (Maven) Mar 27, 2023
GraphQL Java vulnerable to stack consumption Moderate
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
Duplicate Advisory: pullit Command Injection vulnerability High
GHSA-2w9p-xf5h-qwj3 was published for pullit (npm) Mar 27, 2023 withdrawn
redis-py Race Condition vulnerability High
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
redis-py Race Condition due to incomplete fix High
CVE-2023-28859 was published for redis (pip) Mar 26, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
LeoDog896
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
milo526
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/ High
GHSA-cpmr-mw4j-99r7 was published for label-studio (pip) Mar 24, 2023
c3l3si4n
`openssl` `X509NameBuilder::build` returned object is not thread safe Moderate
GHSA-3gxf-9r58-2ghg was published for openssl (Rust) Mar 24, 2023
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read High
GHSA-9qwg-crg9-m2vc was published for openssl (Rust) Mar 24, 2023