Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

450 advisories

Loading
Denial of Service issue in quinn-proto High
CVE-2023-42805 was published for quinn-proto (Rust) Sep 21, 2023
QUICTester
usememos/memos vulnerable to improper input validation High
CVE-2023-4698 was published for github.com/usememos/memos (Go) Sep 1, 2023
Filename spoofing in archive High
CVE-2023-39137 was published for archive (Pub) Aug 31, 2023
kj415j45
Airflow Sqoop Provider RCE Vulnerability High
CVE-2023-27604 was published for apache-airflow-providers-apache-sqoop (pip) Aug 28, 2023
Apache Airflow Spark Provider Improper Input Validation vulnerability High
CVE-2023-40272 was published for apache-airflow-providers-apache-spark (pip) Aug 17, 2023
Woodpecker does not validate webhook before changing any data High
CVE-2023-40034 was published for github.com/woodpecker-ci/woodpecker (Go) Aug 16, 2023
anbraten 6543
apache-airflow-providers-apache-drill Improper Input Validation vulnerability High
CVE-2023-39553 was published for apache-airflow-providers-apache-drill (pip) Aug 11, 2023
lol-html panics on certain HTML inputs High
CVE-2023-4241 was published for lol-html (Rust) Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
Denial of service in jackson-dataformats-text High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformats-text (Maven) Aug 8, 2023
Mochis
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability High
CVE-2023-37415 was published for apache-airflow-providers-apache-hive (pip) Jul 13, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow JDBC Provider Improper Input Validation vulnerability High
CVE-2023-22886 was published for apache-airflow-providers-jdbc (pip) Jun 29, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34448 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
mx-chain-go does not treat invalid transaction with wrong username correctly High
CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
Apache OpenMeetings vulnerable to remote code execution via null-bye injection High
CVE-2023-29246 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Improper input validation in Drupal core High
CVE-2022-25273 was published for drupal/core (Composer) Apr 26, 2023
HTTP Multiline Header Termination High
CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) Apr 24, 2023
GrahamCampbell TimWolla
GovernorCompatibilityBravo may trim proposal calldata High
CVE-2023-30542 was published for @openzeppelin/contracts (npm) Apr 20, 2023
Snowflake JDBC vulnerable to command injection via SSO URL authentication High
CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) Apr 14, 2023
ProTip! Advisories are also available from the GraphQL API