GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,889 advisories

Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions Moderate
CVE-2023-23850 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials Moderate
CVE-2023-23848 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug Moderate
GHSA-76r7-h46w-463r was published for pimcore/pimcore (Composer) Feb 15, 2023
Credited to Sanket-722
No protection against brute-force attacks on login page High
CVE-2023-25156 was published for kiwitcms (pip) Feb 15, 2023
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
Credited to mosaa404
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
Credited to das7pad
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
Credited to lavish
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
Credited to das7pad
Cross-site Scripting in Jenkins Email Extension Plugin Moderate
CVE-2023-25763 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins Email Extension Plugin Moderate
CVE-2023-25764 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins Pipeline: Build Step Plugin Moderate
CVE-2023-25762 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins JUnit Plugin Moderate
CVE-2023-25761 was published for org.jenkins-ci.plugins:junit (Maven) Feb 15, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25766 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Sandbox escape in Jenkins Email Extension Plugin Critical
CVE-2023-25765 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Privilege escalation in Apache ShenYu High
CVE-2022-42735 was published for org.apache.shenyu:shenyu-admin (Maven) Feb 15, 2023
Cross Site Scripting in usememos/memos Moderate
CVE-2022-25978 was published for github.com/usememos/memos (Go) Feb 15, 2023
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
Credited to RamonvdW and sunSUNQ
.NET Remote Code Execution Vulnerability High
CVE-2023-21808 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Feb 14, 2023
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2 Moderate
GHSA-xw5j-gv2g-mjm2 was published for cortex-m-rt (Rust) Feb 14, 2023
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
Credited to das7pad
Cross site scripting Vulnerability in backstage Software Catalog Moderate
CVE-2023-25571 was published for @backstage/catalog-model (npm) Feb 14, 2023
MultipartParser denial of service with too many fields or files High
CVE-2023-30798 was published for starlette (pip) Feb 14, 2023
Credited to das7pad
Command injection in Apache Sling High
CVE-2023-25141 was published for org.apache.sling:org.apache.sling.jcr.base (Maven) Feb 14, 2023
ProTip! Advisories are also available from the GraphQL API