GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14,222 advisories

Apache Tomcat Open Redirect vulnerability High
CVE-2023-41080 was published for org.apache.tomcat:tomcat (Maven) Aug 25, 2023
Esoteric YamlBeans XML Entity Expansion vulnerability Moderate
CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
Esoteric YamlBeans Unsafe Deserialization vulnerability High
CVE-2023-24621 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
OpenFGA Authorization Bypass Moderate
CVE-2023-40579 was published for github.com/openfga/openfga (Go) Aug 25, 2023
aaguiarz
Pyramid static view path traversal up one directory Moderate
CVE-2023-40587 was published for pyramid (pip) Aug 25, 2023
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User High
CVE-2023-32079 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
Netmaker IDOR Allows User to Update Other User's Password High
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
Netmaker has Hardcoded DNS Secret Key High
CVE-2023-32077 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
webpki: CPU denial of service in certificate path building High
GHSA-8qv2-5vq6-g2g7 was published for webpki (Rust) Aug 25, 2023
libp2p nodes vulnerable to OOM attack High
CVE-2023-40583 was published for github.com/libp2p/go-libp2p (Go) Aug 24, 2023
marten-seemann
mail-internals use-after-free vulnerability in `vec_insert_bytes` Moderate
GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) Aug 24, 2023
ntpd has Dependency on Vulnerable Third-Party Component Low
GHSA-37xq-q42p-rv3p was published for ntpd (Rust) Aug 24, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content Low
CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports Low
CVE-2023-40030 was published for cargo (Rust) Aug 24, 2023
pietroalbini cuviper
remkop22 ehuss weihanglo Manishearth
Spring-Kafka has Java Deserialization vulnerability When Improperly Configured Moderate
CVE-2023-34040 was published for org.springframework.kafka:spring-kafka (Maven) Aug 24, 2023
Minimal `basti` IAM Policy Allows Shell Access Low
GHSA-q4pp-j36h-3gqg was published for basti-cdk (npm) Aug 24, 2023
ramimac
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint High
CVE-2023-40577 was published for github.com/prometheus/alertmanager (Go) Aug 23, 2023
oxeye-gal oxeye-daniel
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution Critical
CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven) Aug 23, 2023
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action Critical
CVE-2023-40572 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 23, 2023
Active Support Possibly Discloses Locally Encrypted Files Low
CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023
SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE Moderate
GHSA-jxcx-3h54-qqxx was published for silverstripe/admin (Composer) Aug 23, 2023
Apache Airflow Session Fixation vulnerability Moderate
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Apache Airflow denial of service vulnerability Low
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Apache Airflow missing Certificate Validation High
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
Argo CD web terminal session doesn't expire Moderate
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32