Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,351
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

25,023 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data High
CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Mar 3, 2023
xwiki vulnerable to Improper Handling of Exceptional Conditions Moderate
CVE-2023-26479 was published for org.xwiki.platform:xwiki-platform-rendering-parser (Maven) Mar 3, 2023
xwiki contains Exposed Dangerous Method or Function Moderate
CVE-2023-26478 was published for org.xwiki.platform:xwiki-platform-store-filesystem-oldcore (Maven) Mar 3, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-26477 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Mar 3, 2023
XWiki Platform subject to Uncontrolled Resource Consumption Moderate
CVE-2023-26470 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Mar 3, 2023
XWiki Platform users may execute anything with superadmin right through comments and async macro Critical
CVE-2023-26471 was published for org.xwiki.platform:xwiki-platform-rendering-async-macro (Maven) Mar 3, 2023
XWiki Platform may allow privilege escalation to programming rights via user's first name Critical
CVE-2023-26055 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Mar 3, 2023
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile Critical
CVE-2023-26472 was published for org.xwiki.platform:xwiki-platform-icon-ui (Maven) Mar 3, 2023
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author Critical
CVE-2023-26474 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Mar 3, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor High
CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Mar 3, 2023
Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm Moderate
CVE-2023-26473 was published for org.xwiki.platform:xwiki-platform-web (Maven) Mar 3, 2023
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions Moderate
CVE-2023-26051 was published for Saleor (pip) Mar 3, 2023
Craft CMS Stored Cross-site Scripting Injection Vulnerability Moderate
CVE-2023-23927 was published for craftcms/cms (Composer) Mar 3, 2023
gabriel-vernilobrandonkelly
Credited to gabriel-vernilo and brandonkelly
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
Credited to AkihiroSuda
OpenZeppelin Contracts contains Incorrect Calculation Moderate
CVE-2023-26488 was published for @openzeppelin/contracts (npm) Mar 3, 2023
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints Moderate
CVE-2022-2837 was published for github.com/coredns/coredns (Go) Mar 3, 2023
chrisbloom7
Credited to chrisbloom7
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints Moderate
CVE-2022-2835 was published for github.com/coredns/coredns (Go) Mar 3, 2023
phpseclib Infinite Loop vulnerability High
CVE-2023-27560 was published for phpseclib/phpseclib (Composer) Mar 3, 2023
janedbal
Credited to janedbal
Cockpit Uses Platform-Dependent Third Party Components Moderate
CVE-2023-1160 was published for cockpit-hq/cockpit (Composer) Mar 3, 2023
Vega vulnerable to arbitrary code execution when clicking href links Moderate
GHSA-cp47-r258-q626 was published for vega (npm) Mar 2, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Credited to JorXi
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
jviding
Credited to jviding
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb Moderate
CVE-2023-26483 was published for github.com/russellhaering/gosaml2 (Go) Mar 2, 2023
nszetei
Credited to nszetei
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
ajxchapmanhydrosquall
Credited to ajxchapman and hydrosquall
Vega has Cross-site Scripting vulnerability in `lassoAppend` function Moderate
CVE-2023-26487 was published for vega (npm) Mar 2, 2023
azasypkinjkakavas
Credited to azasypkin and jkakavas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database