GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
396 advisories
Filter by severity
DockerSpawner allows any image by default
Moderate
CVE-2023-48311
was published
for
dockerspawner
(pip)
Dec 8, 2023
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Moderate
CVE-2023-47106
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate
CVE-2023-48631
was published
for
@adobe/css-tools
(npm)
Nov 30, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via version
Moderate
CVE-2023-49081
was published
for
aiohttp
(pip)
Nov 27, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via method
Moderate
CVE-2023-49082
was published
for
aiohttp
(pip)
Nov 27, 2023
OpenNMS Cross-site Scripting vulnerability
Moderate
CVE-2023-40314
was published
for
org.opennms:opennms-webapp
(Maven)
Nov 17, 2023
Eclipse Glassfish remote code execution issue
Moderate
CVE-2023-5763
was published
for
org.glassfish.main.orb:orb-connector
(Maven)
Nov 3, 2023
Eclipse Parsson Denial of Service vulnerability
Moderate
CVE-2023-4043
was published
for
org.eclipse.parsson:project
(Maven)
Nov 3, 2023
Improper Input Validation in vriteio/vrite
Moderate
CVE-2023-5571
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Apache Tomcat Improper Input Validation vulnerability
Moderate
CVE-2023-45648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Improper Input Validation in nocodb
Moderate
CVE-2023-5104
was published
for
nocodb
(npm)
Sep 21, 2023
HashiCorp Vault Improper Input Validation vulnerability
Moderate
CVE-2023-4680
was published
for
github.com/hashicorp/vault
(Go)
Sep 15, 2023
Apache Commons Compress denial of service vulnerability
Moderate
CVE-2023-42503
was published
for
org.apache.commons:commons-compress
(Maven)
Sep 14, 2023
Prevent injection of invalid entity ids for "autocomplete" fields
Moderate
CVE-2023-41336
was published
for
symfony/ux-autocomplete
(Composer)
Sep 11, 2023
Apache Superset Improper Input Validation vulnerability
Moderate
CVE-2023-39265
was published
for
apache-superset
(pip)
Sep 6, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
PrestaShop file deletion via CustomerMessage
Moderate
CVE-2023-39530
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
PrestaShop file deletion via attachment API
Moderate
CVE-2023-39529
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157
was published
for
omeka/omeka-s
(Composer)
Aug 4, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate
CVE-2023-38690
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Moderate
CVE-2023-37948
was published
for
org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute
(Maven)
Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability
Moderate
CVE-2023-22888
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability
Moderate
CVE-2023-36543
was published
for
apache-airflow
(pip)
Jul 12, 2023
ProTip!
Advisories are also available from the
GraphQL API