GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11,295 advisories
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated...
Moderate | Unreviewed | CVE-2023-20171 was published May 18, 2023

Invalid push request payload crashes Parse Server
Moderate | CVE-2023-32688 was published for parse-server-push-adapter (npm) May 22, 2023

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested...
High | Unreviewed | CVE-2023-28649 was published May 22, 2023

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in...
High | Unreviewed | CVE-2023-23694 was published May 23, 2023

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through...
High | Unreviewed | CVE-2023-30440 was published May 23, 2023

Insufficient validation when decoding a Socket.IO packet
Moderate | CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023

Ckan remote code execution and private information access via crafted resource ids
Critical | CVE-2023-32321 was published for ckan (pip) May 24, 2023

Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Moderate | CVE-2023-32323 was published for matrix-synapse (pip) May 24, 2023

Ingress-nginx `path` sanitization can be bypassed with newline character
Moderate | CVE-2021-25748 was published for k8s.io/ingress-nginx (Go) May 24, 2023

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8...
High | Unreviewed | CVE-2023-21514 was published May 27, 2023

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior...
High | Unreviewed | CVE-2023-21515 was published May 27, 2023

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to...
Critical | Unreviewed | CVE-2023-21516 was published May 27, 2023

keep-module-latest vulnerable to Command Injection due to missing input sanitization
High | CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
High | Unreviewed | CVE-2023-2942 was published May 28, 2023

Mattermost fails to normalize UTF confusable characters when determining if a preview should be...
Moderate | Unreviewed | CVE-2023-2808 was published May 29, 2023

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open...
Moderate | Unreviewed | CVE-2023-23754 was published May 30, 2023

A vulnerability was found in ImageMagick. This security flaw causes a remote code execution...
Unknown | Unreviewed | CVE-2023-34152 was published May 31, 2023

mx-chain-go does not treat invalid transaction with wrong username correctly
High | CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023

Memory corruption in WLAN HOST while receiving a WMI event from firmware.
High | Unreviewed | CVE-2023-21656 was published Jun 6, 2023

Memory corruption in Audio when ADSP sends input during record use case.
High | Unreviewed | CVE-2023-21657 was published Jun 6, 2023

avo possible unsafe reflection / partial DoS vulnerability
High | CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023

A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased...
Low | Unreviewed | CVE-2023-2961 was published Jun 6, 2023

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in...
High | Unreviewed | CVE-2023-1888 was published Jun 9, 2023

schema_element defeats protective search_path changes; It was found that certain database calls...
High | Unreviewed | CVE-2023-2454 was published Jun 9, 2023

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect...
Moderate | Unreviewed | CVE-2023-2455 was published Jun 9, 2023