Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed
CVE-2023-29405 was published Jun 8, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed
CVE-2023-24540 was published May 11, 2023
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable,... Critical Unreviewed
CVE-2023-29827 was published May 4, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration Critical
CVE-2023-29525 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet Critical
CVE-2023-29527 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode Critical
CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet Critical
CVE-2023-29524 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles Critical
CVE-2023-29523 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector Critical
CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration Critical
CVE-2023-29514 was published for org.xwiki.platform.applications:xwiki-application-administration (Maven) Apr 20, 2023
xwiki-platform-web-templates vulnerable to Eval Injection Critical
CVE-2023-29512 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
Code injection via unescaped translations in xwiki-platform Critical
CVE-2023-29510 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Apr 19, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability Critical
CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) Apr 12, 2023
LangChain vulnerable to code injection Critical
CVE-2023-29374 was published for langchain (pip) Apr 5, 2023
Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-27040 was published Mar 16, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection Critical
CVE-2023-27479 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Mar 8, 2023
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication... Critical Unreviewed
CVE-2023-26261 was published Mar 8, 2023
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability Critical
CVE-2023-25613 was published for org.apache.kerby:ldap-backend (Maven) Feb 20, 2023
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as... Critical Unreviewed
CVE-2017-20174 was published Jan 19, 2023
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14... Critical Unreviewed
CVE-2015-10062 was published Jan 17, 2023
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.... Critical Unreviewed
CVE-2015-10027 was published Jan 7, 2023
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as... Critical Unreviewed
CVE-2016-15007 was published Jan 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database