Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed
CVE-2023-39213 was published Aug 9, 2023
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template... Critical Unreviewed
CVE-2023-36210 was published Aug 1, 2023
Code injection in Duke Critical
CVE-2023-39013 was published for no.priv.garshol.duke:duke (Maven) Jul 28, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability Critical
CVE-2023-37462 was published for org.xwiki.platform:xwiki-platform-skin-ui (Maven) Jul 14, 2023
HtmlUnit Code Injection vulnerability Critical
CVE-2023-26119 was published for net.sourceforge.htmlunit:htmlunit (Maven) Jul 6, 2023
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36188 was published for langchain (pip) Jul 6, 2023
Remote Code Execution for 2.4.1 and earlier Critical
CVE-2023-36812 was published for net.opentsdb:opentsdb (Maven) Jun 30, 2023
oxeye-daniel oxeye-gal
Credited to oxeye-daniel and oxeye-gal
XWiki Platform vulnerable to Code injection through NotificationRSSService Critical
CVE-2023-36469 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Jun 30, 2023
XWiki Platform vulnerable to Code Injection in icon themes Critical
CVE-2023-36470 was published for org.xwiki.platform:xwiki-platform-icon-default (Maven) Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted Critical
CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Jun 30, 2023
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions... Critical Unreviewed
CVE-2023-33566 was published Jun 27, 2023
The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed
CVE-2023-29405 was published Jun 8, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
Credited to arkark
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed
CVE-2023-24540 was published May 11, 2023
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable,... Critical Unreviewed
CVE-2023-29827 was published May 4, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration Critical
CVE-2023-29525 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet Critical
CVE-2023-29527 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode Critical
CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet Critical
CVE-2023-29524 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles Critical
CVE-2023-29523 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector Critical
CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration Critical
CVE-2023-29514 was published for org.xwiki.platform.applications:xwiki-application-administration (Maven) Apr 20, 2023
xwiki-platform-web-templates vulnerable to Eval Injection Critical
CVE-2023-29512 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
Credited to leesh3288
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
Credited to derrickmehaffy, Ccamm, and Convly
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database