GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,776 advisories

Cross-site Scripting in Jenkins Email Extension Plugin Moderate
CVE-2023-25763 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins Email Extension Plugin Moderate
CVE-2023-25764 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins JUnit Plugin Moderate
CVE-2023-25761 was published for org.jenkins-ci.plugins:junit (Maven) Feb 15, 2023
Cross-site Scripting in Jenkins Pipeline: Build Step Plugin Moderate
CVE-2023-25762 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 15, 2023
Cross-Site Request Forgery in Jenkins Azure Credentials Plugin High
CVE-2023-25767 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25766 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Sandbox escape in Jenkins Email Extension Plugin Critical
CVE-2023-25765 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Privilege escalation in Apache ShenYu High
CVE-2022-42735 was published for org.apache.shenyu:shenyu-admin (Maven) Feb 15, 2023
Cross Site Scripting in usememos/memos Moderate
CVE-2022-25978 was published for github.com/usememos/memos (Go) Feb 15, 2023
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
Credited to RamonvdW and sunSUNQ
.NET Remote Code Execution Vulnerability High
CVE-2023-21808 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Feb 14, 2023
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2 Moderate
GHSA-xw5j-gv2g-mjm2 was published for cortex-m-rt (Rust) Feb 14, 2023
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
Credited to das7pad
Cross site scripting Vulnerability in backstage Software Catalog Moderate
CVE-2023-25571 was published for @backstage/catalog-model (npm) Feb 14, 2023
MultipartParser denial of service with too many fields or files High
CVE-2023-30798 was published for starlette (pip) Feb 14, 2023
Credited to das7pad
Command injection in Apache Sling High
CVE-2023-25141 was published for org.apache.sling:org.apache.sling.jcr.base (Maven) Feb 14, 2023
Cross-site Scripting in pimcore Moderate
CVE-2023-0827 was published for pimcore/pimcore (Composer) Feb 14, 2023
XML External Entity Reference in ureport High
CVE-2023-24187 was published for com.bstek.ureport:ureport2-core (Maven) Feb 14, 2023
Cross-Site-Scripting attack on `<RichTextField>` Moderate
CVE-2023-25572 was published for ra-ui-materialui (npm) Feb 14, 2023
Credited to daugsbi
Vulnerable OpenSSL included in sgx-dcap-quote-verify-python High
GHSA-344m-qcjq-xgrf was published for sgx-dcap-quote-verify-python (pip) Feb 14, 2023
Credited to clauverjat
Cross-site scripting in CKEditor5 Moderate
CVE-2022-48110 was published for ckeditor5 (npm) Feb 13, 2023 withdrawn
Arbitrary file deletion in ureport Critical
CVE-2023-24188 was published for com.bstek.ureport:ureport2-core (Maven) Feb 13, 2023
SameSite Attribute vulnerability in pimCore High
CVE-2023-25240 was published for pimcore/pimcore (Composer) Feb 13, 2023
Cross-site Scripting in UDX Stateless Media Plugin Moderate
CVE-2022-4905 was published for wpcloud/wp-stateless (Composer) Feb 13, 2023
ProTip! Advisories are also available from the GraphQL API