GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,184 advisories

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability Moderate
CVE-2023-46035 was published for svg_optimizer (RubyGems) Oct 20, 2023
Apache Santuario - XML Security for Java are vulnerable to private key disclosure Moderate
CVE-2023-44483 was published for org.apache.santuario:xmlsec (Maven) Oct 20, 2023
Pleaser privilege escalation vulnerability High
CVE-2023-46277 was published for pleaser (Rust) Oct 20, 2023
Evolution CMS Cross-site Scripting vulnerability Moderate
CVE-2023-43340 was published for evolutioncms/evolution (Composer) Oct 20, 2023
mycli has Inadequate Encryption Strength Moderate
CVE-2023-44690 was published for mycli (pip) Oct 20, 2023
Yamcs Cross-site Scripting vulnerability Moderate
CVE-2023-45280 was published for org.yamcs:yamcs (Maven) Oct 20, 2023
Yamcs Cross-site Scripting vulnerability Moderate
CVE-2023-45279 was published for org.yamcs:yamcs (Maven) Oct 20, 2023
Subrion CMS vulnerable to Cross-site Scripting Moderate
CVE-2023-43875 was published for intelliants/subrion (Composer) Oct 20, 2023
Evolution CMS Cross-site Scripting vulnerability Moderate
CVE-2023-43341 was published for evolutioncms/evolution (Composer) Oct 20, 2023
Directus crashes on invalid WebSocket message High
CVE-2023-45820 was published for directus (npm) Oct 19, 2023
Credited to nles
Yamcs API Directory Traversal vulnerability Critical
CVE-2023-45278 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
Yamcs Path Traversal vulnerability High
CVE-2023-45277 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
ydb-go-sdk token in custom credentials object can leak through logs Moderate
CVE-2023-45825 was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Oct 19, 2023
Credited to sumerki2020, se-foster, and blinkov
Artifact Hub arbitrary file read vulnerability High
CVE-2023-45823 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
Credited to dejanzelic
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
Credited to dejanzelic
Artifact Hub has Incorrect Docker Hub registry check Moderate
CVE-2023-45821 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
Credited to dejanzelic
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
Credited to ph5i
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
Credited to masatokinugawa
NATS.io: Adding accounts for just the system account adds auth bypass High
CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) Oct 19, 2023
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free Moderate
CVE-2023-45814 was published for Bunkum (NuGet) Oct 19, 2023
Credited to jvyden
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2023-45812 was published for apollo-router (Rust) Oct 19, 2023
Credited to garypen, BrynCooke, BryanBarron, jasonbarnett667, and shorgi
Wagtail vulnerable to disclosure of user names via admin bulk action views Low
CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023
Credited to quyenheu
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023