GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,045 advisories

fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name Moderate
CVE-2023-26920 was published for fast-xml-parser (npm) Jun 13, 2023
Credited to Sudistark
tgstation-server cached user logins in legacy server High
CVE-2018-17107 was published for TGServiceInterface (NuGet) Jun 12, 2023
Credited to Cyberboss
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts Moderate
CVE-2023-2183 was published for github.com/grafana/grafana (Go) Jun 12, 2023
Credited to sebob
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
Credited to hickford, rgammans, adam-h, nbudin, and nbulaj
Ouroboros is Unsound Moderate
GHSA-87mf-9wg6-ppf8 was published for ouroboros (Rust) Jun 12, 2023
@keystone-6/core's bundled cuid package known to be insecure Low
GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) Jun 12, 2023
Credited to TomDo1234
cheqd-node subject to Cosmos SDK "Barberry" vulnerability High
GHSA-8qxh-2gh8-r923 was published for github.com/cheqd/cheqd-node (Go) Jun 12, 2023
Apache NiFi vulnerable to Code Injection High
CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) Jun 12, 2023
Credited to exceptionfactory
Apache NiFi vulnerable to Deserialization of Untrusted Data Moderate
CVE-2023-34212 was published for org.apache.nifi:nifi-jms-processors (Maven) Jun 12, 2023
Credited to exceptionfactory
GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language Critical
CVE-2023-35042 was published for org.geoserver:gs-wfs (Maven) Jun 12, 2023
Credited to jodygarnett
git-url-parse crate vulnerable to Regular Expression Denial of Service Low
CVE-2023-33290 was published for git-url-parse (Rust) Jun 12, 2023
progressbar.js vulnerable to Prototype Pollution High
CVE-2023-26133 was published for progressbar.js (npm) Jun 12, 2023
Credited to kimmobrunfeldt and juburr
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
Froxlor Session Fixation vulnerability Moderate
CVE-2023-3192 was published for froxlor/froxlor (Composer) Jun 11, 2023
Teampass Cross-site Scripting vulnerability Moderate
CVE-2023-3190 was published for nilsteampassnet/teampass (Composer) Jun 10, 2023
Teampass Cross-site Scripting vulnerability Moderate
CVE-2023-3191 was published for nilsteampassnet/teampass (Composer) Jun 10, 2023
dottie vulnerable to Prototype Pollution High
CVE-2023-26132 was published for dottie (npm) Jun 10, 2023
HashiCorp Consul Incorrect Access Control vulnerability High
CVE-2019-12291 was published for github.com/hashicorp/consul (Go) Jun 9, 2023
Snowflake NodeJS Driver vulnerable to Command Injection High
CVE-2023-34232 was published for snowflake-sdk (npm) Jun 9, 2023
Snowflake Golang Driver vulnerable to Command Injection High
CVE-2023-34231 was published for github.com/snowflakedb/gosnowflake (Go) Jun 9, 2023
Snowflake Python Connector vulnerable to Command Injection High
CVE-2023-34233 was published for snowflake-connector-python (pip) Jun 9, 2023
Gatsby develop server has Local File Inclusion vulnerability Moderate
CVE-2023-34238 was published for gatsby (npm) Jun 9, 2023
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs Moderate
CVE-2023-34239 was published for gradio (pip) Jun 9, 2023
Credited to mastomii
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme High
CVE-2023-34245 was published for @udecode/plate-link (npm) Jun 9, 2023
Credited to OliverWales
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements Moderate
CVE-2023-23913 was published for actionview (RubyGems) Jun 9, 2023
ProTip! Advisories are also available from the GraphQL API