Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

27,184 advisories

Loading
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link Moderate
CVE-2023-45813 was published for torbot (pip) Oct 19, 2023
ikkebr Credited to ikkebr
Apache InLong Deserialization of Untrusted Data Vulnerability High
CVE-2023-46227 was published for org.apache.inlong:manager-common (Maven) Oct 19, 2023
Apache Shenyu Server Side Request Forgery vulnerability Moderate
CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) Oct 19, 2023
LangChain Server Side Request Forgery vulnerability High
CVE-2023-46229 was published for langchain (pip) Oct 19, 2023
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion Moderate
CVE-2024-43806 was published for rustix (Rust) Oct 18, 2023
cyqsimon Credited to cyqsimon, sigmaSd, and popey sigmaSd sigmaSd
popey popey
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast Credited to SteakEnthusiast
OpenFGA DoS vulnerability High
CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023
KlausVii Credited to KlausVii
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43803 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84 Credited to giubby84
Arduino Create Agent path traversal - local privilege escalation vulnerability High
CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84 Credited to giubby84
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43801 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84 Credited to giubby84
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability High
CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84 Credited to giubby84
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
MySQL Connectors takeover vulnerability High
CVE-2023-22102 was published for com.mysql:mysql-connector-j (Maven) Oct 18, 2023
d0ougal Credited to d0ougal and elzebra elzebra elzebra
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git Credited to ranjit-git, illia-v, sethmlarson, and Hacked36 illia-v illia-v
sethmlarson sethmlarson Hacked36 Hacked36
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module Critical
CVE-2023-42627 was published for com.liferay.commerce:com.liferay.commerce.address.content.web (Maven) Oct 17, 2023
OpenSearch Issue with tenant read-only permissions Moderate
CVE-2023-45807 was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023
OpenSearch uncontrolled resource consumption High
GHSA-8wx3-324g-w4qq was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023
Plonk verifier KZG multi point verification Critical
GHSA-7p92-x423-vwj6 was published for github.com/consensys/gnark (Go) Oct 17, 2023
0xmpeter Credited to 0xmpeter, vesselinux, InaOana, and antonleviathan vesselinux vesselinux
InaOana InaOana antonleviathan antonleviathan
Prototype Pollution in ali-security/mongoose Critical
GHSA-rc4v-99cr-pjcm was published for @seal-security/mongoose-fixed (npm) Oct 17, 2023
Cross-site Scripting via missing Binding syntax validation High
CVE-2023-45683 was published for github.com/crewjam/saml (Go) Oct 17, 2023
anaximand3r Credited to anaximand3r
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
nocodb SQL Injection vulnerability Moderate
CVE-2023-43794 was published for nocodb (npm) Oct 17, 2023
sylwia-budzynska Credited to sylwia-budzynska
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries High
CVE-2023-40180 was published for silverstripe/graphql (Composer) Oct 17, 2023
WebAuthn4J Spring Security Improper signature counter value handling Moderate
CVE-2023-45669 was published for com.webauthn4j:webauthn4j-spring-security-core (Maven) Oct 17, 2023
mbudnick Credited to mbudnick
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter Critical
CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023
lucaswitvoet Credited to lucaswitvoet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database