GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 2,182; Erlang 21; GitHub Actions 10; Go 1,193; Maven 3,892; npm 3,130; NuGet 499; pip 1,998; Pub 5; RubyGems 739; Rust 648; Swift 26.
Unreviewed advisories: All unreviewed 5,000+.
14,222 advisories
Apache Tomcat Open Redirect vulnerability (High): CVE-2023-41080 was published for org.apache.tomcat:tomcat (Maven) on Aug 25, 2023
Esoteric YamlBeans XML Entity Expansion vulnerability (Moderate): CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) on Aug 25, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability (High): CVE-2023-24621 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) on Aug 25, 2023
OpenFGA Authorization Bypass (Moderate): CVE-2023-40579 was published for github.com/openfga/openfga (Go) on Aug 25, 2023
Pyramid static view path traversal up one directory (Moderate): CVE-2023-40587 was published for pyramid (pip) on Aug 25, 2023
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User (High): CVE-2023-32079 was published for github.com/gravitl/netmaker (Go) on Aug 25, 2023
Netmaker IDOR Allows User to Update Other User's Password (High): CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) on Aug 25, 2023
Netmaker has Hardcoded DNS Secret Key (High): CVE-2023-32077 was published for github.com/gravitl/netmaker (Go) on Aug 25, 2023
webpki: CPU denial of service in certificate path building (High): GHSA-8qv2-5vq6-g2g7 was published for webpki (Rust) on Aug 25, 2023
libp2p nodes vulnerable to OOM attack (High): CVE-2023-40583 was published for github.com/libp2p/go-libp2p (Go) on Aug 24, 2023
mail-internals use-after-free vulnerability in `vec_insert_bytes` (Moderate): GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) on Aug 24, 2023
ntpd has Dependency on Vulnerable Third-Party Component (Low): GHSA-37xq-q42p-rv3p was published for ntpd (Rust) on Aug 24, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content (Low): CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) on Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports (Low): CVE-2023-40030 was published for cargo (Rust) on Aug 24, 2023
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured (Moderate): CVE-2023-34040 was published for org.springframework.kafka:spring-kafka (Maven) on Aug 24, 2023
Minimal `basti` IAM Policy Allows Shell Access (Low): GHSA-q4pp-j36h-3gqg was published for basti-cdk (npm) on Aug 24, 2023
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint (High): CVE-2023-40577 was published for github.com/prometheus/alertmanager (Go) on Aug 23, 2023
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution (Critical): CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven) on Aug 23, 2023
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action (Critical): CVE-2023-40572 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Aug 23, 2023
Active Support Possibly Discloses Locally Encrypted Files (Low): CVE-2023-38037 was published for activesupport (RubyGems) on Aug 23, 2023
SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE (Moderate): GHSA-jxcx-3h54-qqxx was published for silverstripe/admin (Composer) on Aug 23, 2023
Apache Airflow Session Fixation vulnerability (Moderate): CVE-2023-40273 was published for apache-airflow (pip) on Aug 23, 2023
Apache Airflow denial of service vulnerability (Low): CVE-2023-37379 was published for apache-airflow (pip) on Aug 23, 2023
Apache Airflow missing Certificate Validation (High): CVE-2023-39441 was published for apache-airflow (pip) on Aug 23, 2023
Argo CD web terminal session doesn't expire (Moderate): CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) on Aug 23, 2023
Advisories are also available from the GraphQL API.