GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+
450 advisories
Filter by severity
Denial of Service issue in quinn-proto
High
CVE-2023-42805
was published
for
quinn-proto
(Rust)
Sep 21, 2023
usememos/memos vulnerable to improper input validation
High
CVE-2023-4698
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
Airflow Sqoop Provider RCE Vulnerability
High
CVE-2023-27604
was published
for
apache-airflow-providers-apache-sqoop
(pip)
Aug 28, 2023
Apache Airflow Spark Provider Improper Input Validation vulnerability
High
CVE-2023-40272
was published
for
apache-airflow-providers-apache-spark
(pip)
Aug 17, 2023
Woodpecker does not validate webhook before changing any data
High
CVE-2023-40034
was published
for
github.com/woodpecker-ci/woodpecker
(Go)
Aug 16, 2023
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
High
CVE-2023-39553
was published
for
apache-airflow-providers-apache-drill
(pip)
Aug 11, 2023
lol-html panics on certain HTML inputs
High
CVE-2023-4241
was published
for
lol-html
(Rust)
Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation
High
CVE-2023-38704
was published
for
import-in-the-middle
(npm)
Aug 8, 2023
Denial of service in jackson-dataformats-text
High
CVE-2023-3894
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformats-text
(Maven)
Aug 8, 2023
Possible image tampering from missing image validation for Packages
High
CVE-2023-38495
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
High
CVE-2023-37415
was published
for
apache-airflow-providers-apache-hive
(pip)
Jul 13, 2023
Apache Airflow Improper Input Validation vulnerability
High
CVE-2023-22888
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability
High
CVE-2023-36543
was published
for
apache-airflow
(pip)
Jul 12, 2023
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form
High
CVE-2023-34457
was published
for
MechanicalSoup
(pip)
Jul 5, 2023
Apache Airflow JDBC Provider Improper Input Validation vulnerability
High
CVE-2023-22886
was published
for
apache-airflow-providers-jdbc
(pip)
Jun 29, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34448
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
mx-chain-go does not treat invalid transaction with wrong username correctly
High
CVE-2023-33964
was published
for
github.com/multiversx/mx-chain-go
(Go)
Jun 2, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
Apache OpenMeetings vulnerable to remote code execution via null-bye injection
High
CVE-2023-29246
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 12, 2023
Improper input validation in Drupal core
High
CVE-2022-25273
was published
for
drupal/core
(Composer)
Apr 26, 2023
HTTP Multiline Header Termination
High
CVE-2023-29530
was published
for
laminas/laminas-diactoros
(Composer)
Apr 24, 2023
GovernorCompatibilityBravo may trim proposal calldata
High
CVE-2023-30542
was published
for
@openzeppelin/contracts
(npm)
Apr 20, 2023
Snowflake JDBC vulnerable to command injection via SSO URL authentication
High
CVE-2023-30535
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Apr 14, 2023
ProTip!
Advisories are also available from the
GraphQL API