GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12,019 advisories

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Low
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
Parsing borsh messages with ZST which are not-copy/clone is unsound Moderate
GHSA-fjx5-qpf4-xjf2 was published for borsh (Rust) Apr 17, 2023
Snowflake JDBC vulnerable to command injection via SSO URL authentication High
CVE-2023-30535 was published for net.snowflake:snowflake-jdbc (Maven) Apr 14, 2023
matrix-js-sdk vulnerable to invisible eavesdropping in group calls Moderate
CVE-2023-29529 was published for matrix-js-sdk (npm) Apr 14, 2023
froxlor/froxlor vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2023-2034 was published for froxlor/froxlor (Composer) Apr 14, 2023
Spring Session session ID can be logged to the standard output stream Moderate
CVE-2023-20866 was published for org.springframework.session:spring-session-core (Maven) Apr 13, 2023
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-core (Maven) Apr 13, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags High
CVE-2023-29193 was published for github.com/authzed/spicedb (Go) Apr 13, 2023
amit-laish
nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2023-2021 was published for nilsteampassnet/teampass (Composer) Apr 13, 2023
Microweber vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-2014 was published for microweber/microweber (Composer) Apr 13, 2023
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro High
CVE-2023-29207 was published for org.xwiki.platform:xwiki-platform-flamingo (Maven) Apr 12, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-29199 was published for vm2 (npm) Apr 12, 2023
leesh3288
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation Moderate
CVE-2023-29018 was published for github.com/open-feature/open-feature-operator (Go) Apr 12, 2023
younaman thisthat
bacherfl
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm Low
CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins Critical
CVE-2023-29206 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro Critical
CVE-2023-29205 was published for org.xwiki.platform:xwiki-platform-rendering-xwiki (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability Moderate
CVE-2023-29204 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability Critical
CVE-2023-29202 was published for org.xwiki.platform:xwiki-core-rendering-macro-rss (Maven) Apr 12, 2023
org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability Critical
CVE-2023-29201 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 12, 2023
xwiki-platform-administration-ui vulnerable to privilege escalation Critical
CVE-2023-29511 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation Critical
CVE-2023-30537 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors Critical
CVE-2023-29507 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 12, 2023
tmortagne
org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints Moderate
CVE-2023-29506 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) Apr 12, 2023
rekter0
ProTip! Advisories are also available from the GraphQL API