GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,886 advisories

Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites Moderate
CVE-2023-32323 was published for matrix-synapse (pip) May 24, 2023
Ckan remote code execution and private information access via crafted resource ids Critical
CVE-2023-32321 was published for ckan (pip) May 24, 2023
Credited to YoloClin
Synapse does not apply enough checks to servers requesting auth events of events in a room High
CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023
Malware in pre-build binaries of bignum Critical
GHSA-7cgc-fjv4-52x6 was published for bignum (npm) May 24, 2023
Credited to calebbrown and rvagg
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33937 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33938 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33940 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33941 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33939 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33943 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Cross-site scripting in Liferay Portal Moderate
CVE-2023-33942 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
SSCMS vulnerable to Cross Site Scripting Moderate
CVE-2023-2862 was published for SSCMS (NuGet) May 24, 2023
Code injection in nilsteampassnet/teampass High
CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) May 24, 2023
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled High
CVE-2023-32697 was published for org.xerial:sqlite-jdbc (Maven) May 23, 2023
Credited to 4390c336
Insufficient validation when decoding a Socket.IO packet Moderate
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
Credited to rafax00 and darrachequesne
Administration Console authentication bypass in openfire xmppserver High
CVE-2023-32315 was published for org.igniterealtime.openfire:xmppserver (Maven) May 23, 2023
Credited to akrherz, Fishbowler, guusdk, and Siebene
Command injection in nevado-jms High
CVE-2023-31826 was published for org.skyscreamer:nevado-jms (Maven) May 23, 2023
Unintended leak of Proxy-Authorization header in requests Moderate
CVE-2023-32681 was published for requests (pip) May 22, 2023
Credited to SmashITs, tobiasfunke1, sethmlarson, and nateprewitt
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension High
CVE-2023-32679 was published for craftcms/cms (Composer) May 22, 2023
Credited to awakerrday
Vyper's nonpayable default functions are sometimes payable Moderate
CVE-2023-32675 was published for vyper (pip) May 22, 2023
Credited to trocher
Potential for cross-site scripting in PostHog-js Moderate
CVE-2023-32325 was published for posthog-js (npm) May 22, 2023
Potential HTTP policy bypass when using header rules in Cilium Moderate
CVE-2023-30851 was published for github.com/cilium/cilium (Go) May 22, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec Moderate
CVE-2021-36154 was published for github.com/grpc/grpc-swift (Swift) May 22, 2023
Invalid push request payload crashes Parse Server Moderate
CVE-2023-32688 was published for parse-server-push-adapter (npm) May 22, 2023
Credited to dblythy and mtrezza