GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Grafana vulnerable to Stored Cross-site Scripting in Text plugin Moderate
CVE-2023-22462 was published for github.com/grafana/grafana (Go) Mar 1, 2023
teler-waf contains detection rule bypass via Entities payload Moderate
CVE-2023-26047 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
Juju controller - Arbitrary file reading vulnerability Moderate
CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0594 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0507 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Lemur subject to insecure random generation High
CVE-2023-30797 was published for lemur (pip) Mar 1, 2023
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
Keycloak vulnerable to Cross-site Scripting Moderate
CVE-2022-1438 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
vantage6 vulnerable to Improper Preservation of Permissions High
CVE-2023-22738 was published for vantage6 (pip) Feb 28, 2023
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
partial_sort contains Out-of-bounds Read in release mode Moderate
GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) Feb 28, 2023
Ascii (crate) allows out-of-bounds array indexing in safe code Moderate
GHSA-mrrw-grhq-86gf was published for ascii (Rust) Feb 28, 2023
Gogs OS Command Injection vulnerability Critical
CVE-2022-2024 was published for gogs.io/gogs (Go) Feb 28, 2023
mde utilities contains Prototype Pollution High
CVE-2023-26105 was published for utilities (npm) Feb 28, 2023
Microweber Cross-site Scripting vulnerability Moderate
CVE-2023-1081 was published for microweber/microweber (Composer) Feb 28, 2023
laravel-admin has Arbitrary File Upload vulnerability High
CVE-2023-24249 was published for encore/laravel-admin (Composer) Feb 27, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
Pimcore vulnerable to Cross-site Scripting Moderate
CVE-2023-1067 was published for pimcore/pimcore (Composer) Feb 27, 2023
frp_form_answers allows Cross-site Scripting Moderate
CVE-2023-26091 was published for frappant/frp-form-answers (Composer) Feb 26, 2023
ProTip! Advisories are also available from the GraphQL API