
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15,222 advisories

Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year High
GHSA-r68h-jhhj-9jvm was published for org.owasp.esapi:esapi (Maven) Nov 27, 2023
Uptime Kuma Authenticated remote code execution via TailscalePing Moderate
GHSA-hfxh-rjv7-2369 was published for uptime-kuma (npm) Nov 27, 2023
vaadata-pascala
Attribute Injection leading to XSS (Cross-Site-Scripting) Moderate
GHSA-v4v2-8h88-65qj was published for uptime-kuma (npm) Nov 24, 2023
gtg2619
Ethereum ABI decoder DoS when parsing ZST Moderate
GHSA-rqr8-pxh7-cq3g was published for eth-abi (pip) Nov 24, 2023
maxammann
Capsule Proxy Authentication bypass using an empty token Critical
CVE-2023-48312 was published for github.com/clastix/capsule-proxy (Go) Nov 24, 2023
luisdavim slimm609
psc4re
SQL injection vulnerability in Meshery Critical
CVE-2023-46575 was published for github.com/layer5io/meshery (Go) Nov 24, 2023
Bouncy Castle Denial of Service (DoS) High
CVE-2023-33202 was published for org.bouncycastle:bcprov-jdk18on (Maven) Nov 23, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due to temporary files Low
CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) Nov 23, 2023
Cross-site Scripting in DOMSanitizer Moderate
CVE-2023-49146 was published for rhukster/dom-sanitizer (Composer) Nov 23, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication Moderate
GHSA-v427-c49j-8w6x was published for codeigniter4/shield (Composer) Nov 23, 2023
Insertion of Sensitive Information into Log Moderate
GHSA-j72f-h752-mx4w was published for codeigniter4/shield (Composer) Nov 23, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
Cross-site Scripting via uploaded assets High
CVE-2023-48701 was published for statamic/cms (Composer) Nov 22, 2023
Cyber-Wo0dy
Directory Traversal in jeecg-boot Moderate
CVE-2023-47467 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 22, 2023
Cross Site Request Forgery in SwiftyEdit Moderate
CVE-2023-47350 was published for swiftyedit/swiftyedit (Composer) Nov 22, 2023
Cross-site Scripting in Admidio Moderate
CVE-2023-47380 was published for admidio/admidio (Composer) Nov 22, 2023
SQL injection in Apache Submarine High
CVE-2023-37924 was published for apache-submarine (pip) Nov 22, 2023
Elasticsearch Improper Handling of Exceptional Conditions Moderate
CVE-2023-46673 was published for org.elasticsearch:elasticsearch (Maven) Nov 22, 2023
APM Java Agent Local Privilege Escalation issue High
CVE-2021-37942 was published for co.elastic.apm:apm-agent-parent (Maven) Nov 22, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
Clear Text Credentials Exposed via Onboarding Task High
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 jeffkala
bryanculver scetron glennmatthews
Download to arbitrary folder can lead to RCE High
CVE-2023-47890 was published for pyload-ng (pip) Nov 21, 2023
vergl4s
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
Decryption of malicious PBES2 JWE objects can consume unbounded system resources Moderate
GHSA-2c7c-3mj9-8fqh was published for github.com/go-jose/go-jose/v3 (Go) Nov 21, 2023
TorchServe ZipSlip Moderate
CVE-2023-48299 was published for torchserve (pip) Nov 21, 2023