GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 1,573
Erlang: 20
GitHub Actions: 10
Go: 1,023
Maven: 3,520
npm: 2,987
NuGet: 273
pip: 1,722
Pub: 5
RubyGems: 679
Rust: 612

Unreviewed advisories
All unreviewed: 5,000+
12,330 advisories
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
High. CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer), May 19, 2023

Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
Moderate. CVE-2023-2666 was published for froxlor/froxlor (Composer), May 19, 2023

transformers has Insecure Temporary File
Moderate. CVE-2023-2800 was published for transformers (pip), May 18, 2023

LavaLite vulnerable to Cross Site Scripting
Moderate. CVE-2023-30124 was published for lavalite/cms (Composer), May 18, 2023

mlflow Path Traversal vulnerability
Critical. CVE-2023-2780 was published for mlflow (pip), May 17, 2023

ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
Moderate. CVE-2023-26044 was published for react/http (Composer), May 17, 2023

Dgraph Audit Log Encryption Vulnerability
Low. CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go), May 17, 2023

pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
Moderate. CVE-2023-2756 was published for pimcore/customer-management-framework-bundle (Composer), May 17, 2023

phpMyFAQ vulnerable to stored Cross-site Scripting
High. CVE-2023-2753 was published for thorsten/phpmyfaq (Composer), May 17, 2023

phpMyFAQ vulnerable to stored Cross-site Scripting
High. CVE-2023-2752 was published for thorsten/phpmyfaq (Composer), May 17, 2023

vm2 vulnerable to Inspect Manipulation
Moderate. CVE-2023-32313 was published for vm2 (npm), May 17, 2023

Starlette has Path Traversal vulnerability in StaticFiles
Low. GHSA-v5gw-mw7f-84px was published for starlette (pip), May 17, 2023

Moodle vulnerable to stored Cross-site Scripting
Moderate. CVE-2021-27131 was published for moodle/moodle (Composer), May 16, 2023

alkacon-OpenCMS vulnerable to stored Cross-site Scripting
Moderate. CVE-2023-31544 was published for org.opencms:opencms-core (Maven), May 16, 2023

Jenkins Code Dx Plugin cross-site request forgery vulnerability
Moderate. CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven), May 16, 2023

Jenkins Code Dx Plugin missing permission checks
Moderate. CVE-2023-2631 was published for org.jenkins-ci.plugins:codedx (Maven), May 16, 2023

Jenkins Code Dx Plugin missing permission checks
Moderate. CVE-2023-2196 was published for org.jenkins-ci.plugins:codedx (Maven), May 16, 2023

Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
Moderate. CVE-2023-33006 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven), May 16, 2023

Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
Moderate. CVE-2023-33003 was published for org.jenkins-ci.plugins:tag-profiler (Maven), May 16, 2023

TestComplete support Plugin vulnerable to stored Cross-site Scripting
High. CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven), May 16, 2023

Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability
High. CVE-2023-33007 was published for org.jenkins-ci.plugins:loadcomplete (Maven), May 16, 2023

Jenkins Tag Profiler Plugin missing permission check
Moderate. CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven), May 16, 2023

Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High. CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven), May 16, 2023

Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
High. CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven), May 16, 2023

Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
High. CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven), May 16, 2023

ProTip! Advisories are also available from the GraphQL API.