GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
352 advisories
Remote Code Execution for 2.4.1 and earlier
Critical: CVE-2023-36812 was published for net.opentsdb:opentsdb (Maven) on Jun 30, 2023

XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical: CVE-2023-36469 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) on Jun 30, 2023

XWiki Platform vulnerable to Code Injection in icon themes
Critical: CVE-2023-36470 was published for org.xwiki.platform:xwiki-platform-icon-default (Maven) on Jun 30, 2023

org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical: CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) on Jun 30, 2023

SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate: CVE-2022-3215 was published for github.com/apple/swift-nio (Swift) on Jun 7, 2023

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High: CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) on Jun 7, 2023

Abstrium Pydio Cells Resource Injection vulnerability
Moderate: CVE-2023-2980 was published for github.com/pydio/cells/v4 (Go) on May 30, 2023

n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
High: CVE-2023-26127 was published for n158 (npm) on May 27, 2023

Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
High: CVE-2023-32679 was published for craftcms/cms (Composer) on May 22, 2023

vm2 vulnerable to Inspect Manipulation
Moderate: CVE-2023-32313 was published for vm2 (npm) on May 17, 2023

Apache StreamPark LDAP Injection vulnerability
Moderate: CVE-2022-45801 was published for org.apache.streampark:streampark (Maven) on May 1, 2023

HTML injection in search results via plaintext message highlighting
High: CVE-2023-30609 was published for matrix-react-sdk (npm) on Apr 25, 2023

XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
Critical: CVE-2023-29525 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) on Apr 20, 2023

XWiki Platform vulnerable to code injection from account through AWM view sheet
Critical: CVE-2023-29527 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) on Apr 20, 2023

XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical: CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Apr 20, 2023

XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
Critical: CVE-2023-29524 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) on Apr 20, 2023

XWiki Platform vulnerable to code injection in display method used in user profiles
Critical: CVE-2023-29523 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Apr 20, 2023

XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
High: CVE-2023-29522 was published for org.xwiki.platform:xwiki-platform-xclass-ui (Maven) on Apr 20, 2023

XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
High: CVE-2023-29521 was published for org.xwiki.platform:xwiki-platform-vfs-ui (Maven) on Apr 20, 2023

org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
High: CVE-2023-29519 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) on Apr 20, 2023

XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
High: CVE-2023-29518 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) on Apr 20, 2023

XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical: CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) on Apr 20, 2023

XWiki vulnerable to Code Injection in template provider administration
Critical: CVE-2023-29514 was published for org.xwiki.platform.applications:xwiki-application-administration (Maven) on Apr 20, 2023

xwiki-platform-web-templates vulnerable to Eval Injection
Critical: CVE-2023-29512 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) on Apr 20, 2023
ProTip! Advisories are also available from the GraphQL API.