Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,497 advisories

Loading
Observable timing discrepancy in JOpenId High
CVE-2010-10006 was published for org.expressme:JOpenId (Maven) Jan 18, 2023
mechanize Regular Expression Denial of Service vulnerability High
CVE-2021-32837 was published for mechanize (pip) Jan 18, 2023
Component takeover in Oracle Data Provider for .NET High
CVE-2023-21893 was published for Oracle.ManagedDataAccess (NuGet) Jan 18, 2023
georg-jung alexkeh
Credited to georg-jung and alexkeh
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Credited to JoshuaBehrens and aragon999
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
Code injection in ruby git High
CVE-2022-47318 was published for git (RubyGems) Jan 17, 2023
pgAdmin 4 Open Redirect vulnerability Moderate
CVE-2023-22298 was published for pgadmin4 (pip) Jan 17, 2023
simplesamlphp-module-openidprovider Cross Site Scripting vulnerability Moderate
CVE-2010-10008 was published for simplesamlphp/simplesamlphp-module-openidprovider (Composer) Jan 17, 2023
SQL Injection in liftkit/database Critical
CVE-2016-15020 was published for liftkit/database (Composer) Jan 16, 2023
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection Moderate
CVE-2022-41703 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Cross-site Scripting Moderate
CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints High
CVE-2022-43719 was published for apache-superset (pip) Jan 16, 2023
Apache Superset is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
Apache Superset Open Redirect vulnerability Moderate
CVE-2022-43721 was published for apache-superset (pip) Jan 16, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Froxlor vulnerable to Command Injection High
CVE-2023-0315 was published for froxlor/froxlor (Composer) Jan 16, 2023
Froxlor is vulnerable to path traversal Moderate
CVE-2023-0316 was published for froxlor/froxlor (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0306 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ has Weak Password Requirements Moderate
CVE-2023-0307 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0308 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0309 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0310 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database