Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,720 advisories

Loading
Symfony storing cookie headers in HttpCache Moderate
CVE-2022-24894 was published for symfony/http-kernel (Composer) Feb 1, 2023
nicolas-grekas shyim
Credited to nicolas-grekas and shyim
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Credited to nicolas-grekas and lavish
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24997 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
Withdrawn: wallabag subject to Improper Authorization Moderate
GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
Withdrawn: wallabag subject to Improper Authorization via annotations Moderate
GHSA-xrw3-wqph-3fxg was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
Apache InLong contains Out-of-bounds Read vulnerability High
CVE-2023-24977 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25916 was published for mt7688-wiscan (npm) Feb 1, 2023
is-http2 vulnerable to Improper Input Validation High
CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023
Microweber contains Cross-site Scripting Moderate
CVE-2023-0608 was published for microweber/microweber (Composer) Feb 1, 2023
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis
Credited to Blaklis
Warp vulnerable to Path Traversal via Improper validation of Windows paths High
GHSA-8v4j-7jgf-5rg9 was published for warp (Rust) Jan 31, 2023
tdunlap607
Credited to tdunlap607
XSS Attack with Express API High
CVE-2023-23630 was published for eta (npm) Jan 31, 2023
agustingianni
Credited to agustingianni
Parse Server option `masterKeyIps` vulnerability to IP spoofing High
CVE-2023-22474 was published for parse-server (npm) Jan 31, 2023
dblythy
Credited to dblythy
Dromara Hutool Deserialization of Untrusted Data vulnerability Critical
CVE-2023-24162 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
Dromara hutool vulnerable to SQL Injection Critical
CVE-2023-24163 was published for cn.hutool:hutool-all (Maven) Jan 31, 2023
liangyueliangyue andrewpollock
Credited to liangyueliangyue and andrewpollock
Joplin Desktop App vulnerable to Cross-site Scripting Moderate
CVE-2022-45598 was published for joplin (npm) Jan 31, 2023
Path traversal in ubi-reader Moderate
CVE-2023-0591 was published for ubi-reader (pip) Jan 31, 2023
qkaiser
Credited to qkaiser
Apache Linkis contains Deserialization of Untrusted Data High
CVE-2022-44645 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information Moderate
CVE-2022-44644 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
Credited to tdunlap607
jSuites subect to Cross-site Scripting Moderate
CVE-2022-25979 was published for jsuites (npm) Jan 31, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
Withdrawn: safeurl-python contains Server-Side Request Forgery Moderate
GHSA-rw83-v3pw-m362 was published for safeurl-python (pip) Jan 30, 2023 withdrawn
Servst vulnerable to Path Traversal High
CVE-2022-25936 was published for servst (npm) Jan 30, 2023
lirantal
Credited to lirantal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database