GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14,572 advisories

SQL injection in jeecgboot High
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
Out-of-bounds Read while parsing citations High
CVE-2023-42821 was published for github.com/gomarkdown/markdown (Go) Sep 22, 2023
NSEcho
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
pgAdmin failed to properly control the server code Moderate
CVE-2023-5002 was published for pgadmin4 (pip) Sep 22, 2023
FUXA vulnerable to Local File Inclusion Moderate
CVE-2023-31716 was published for @frangoteam/fuxa (npm) Sep 22, 2023
FUXA local file inclusion vulnerability Moderate
CVE-2023-31718 was published for fuxa-server (npm) Sep 22, 2023
FUXA SQL Injection vulnerability Moderate
CVE-2023-31719 was published for fuxa-server (npm) Sep 22, 2023
FUXA SQL Injection vulnerability Moderate
CVE-2023-31717 was published for fuxa-server (npm) Sep 22, 2023
Denial of Service issue in quinn-proto High
CVE-2023-42805 was published for quinn-proto (Rust) Sep 21, 2023
QUICTester
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
systeminformation SSID Command Injection Vulnerability Critical
CVE-2023-42810 was published for systeminformation (npm) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
CefSharp affected by heap buffer overflow in WebP Critical
GHSA-j646-gj5p-p45g was published for CefSharp.Common (NuGet) Sep 21, 2023
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 gferon
blurhash panics on parsing crafted inputs High
CVE-2023-42447 was published for blurhash (Rust) Sep 21, 2023
rubdos
SQLpage vulnerable to public exposure of database credentials Critical
CVE-2023-42454 was published for sqlpage (Rust) Sep 21, 2023
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
Vulnerable OpenSSL included in cryptography wheels Low
GHSA-v8gr-m533-ghj9 was published for cryptography (pip) Sep 21, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times High
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-42458 was published for Zope (pip) Sep 21, 2023
mauritsvanrees icemac
Improper Input Validation in nocodb Moderate
CVE-2023-5104 was published for nocodb (npm) Sep 21, 2023
Composer allows cache poisoning from other projects built on the same host Moderate
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
Tungstenite allows remote attackers to cause a denial of service Moderate
CVE-2023-43669 was published for tungstenite (Rust) Sep 21, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Moderate
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
Vyper vulnerable to memory corruption in certain builtins utilizing `msize` High
CVE-2023-42443 was published for vyper (pip) Sep 20, 2023
trocher