GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12,330 advisories

RosarioSIS Stores Sensitive Data in a Mechanism without Access Control High
CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer) May 19, 2023
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-2666 was published for froxlor/froxlor (Composer) May 19, 2023
transformers has Insecure Temporary File Moderate
CVE-2023-2800 was published for transformers (pip) May 18, 2023
LavaLite vulnerable to Cross Site Scripting Moderate
CVE-2023-30124 was published for lavalite/cms (Composer) May 18, 2023
mlflow Path Traversal vulnerability Critical
CVE-2023-2780 was published for mlflow (pip) May 17, 2023
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits Moderate
CVE-2023-26044 was published for react/http (Composer) May 17, 2023
WyriHaximus
Dgraph Audit Log Encryption Vulnerability Low
CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go) May 17, 2023
HakuPiku joshua-goldstein
skrdgraph
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query Moderate
CVE-2023-2756 was published for pimcore/customer-management-framework-bundle (Composer) May 17, 2023
JoMC98
phpMyFAQ vulnerable to stored Cross-site Scripting High
CVE-2023-2753 was published for thorsten/phpmyfaq (Composer) May 17, 2023
phpMyFAQ vulnerable to stored Cross-site Scripting High
CVE-2023-2752 was published for thorsten/phpmyfaq (Composer) May 17, 2023
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
Starlette has Path Traversal vulnerability in StaticFiles Low
GHSA-v5gw-mw7f-84px was published for starlette (pip) May 17, 2023
aminalaee
Moodle vulnerable to stored Cross-site Scripting Moderate
CVE-2021-27131 was published for moodle/moodle (Composer) May 16, 2023
alkacon-OpenCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2023-31544 was published for org.opencms:opencms-core (Maven) May 16, 2023
Jenkins Code Dx Plugin cross-site request forgery vulnerability Moderate
CVE-2023-2195 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Code Dx Plugin missing permission checks Moderate
CVE-2023-2631 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins Code Dx Plugin missing permission checks Moderate
CVE-2023-2196 was published for org.jenkins-ci.plugins:codedx (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability Moderate
CVE-2023-33006 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2023-33003 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
TestComplete support Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 16, 2023
Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability High
CVE-2023-33007 was published for org.jenkins-ci.plugins:loadcomplete (Maven) May 16, 2023
Jenkins Tag Profiler Plugin missing permission check Moderate
CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-32991 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) May 16, 2023