GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
2,384
Erlang
24
GitHub Actions
11
Go
1,315
Maven
4,211
npm
3,227
NuGet
540
pip
2,207
Pub
7
RubyGems
762
Rust
674
Swift
31
Unreviewed advisories
All unreviewed
5,000+
15,213 advisories
Filter by severity
Cross-site Scripting in DOMSanitizer
Moderate
CVE-2023-49146
was published
for
rhukster/dom-sanitizer
(Composer)
Nov 23, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Moderate
GHSA-v427-c49j-8w6x
was published
for
codeigniter4/shield
(Composer)
Nov 23, 2023
Insertion of Sensitive Information into Log
Moderate
GHSA-j72f-h752-mx4w
was published
for
codeigniter4/shield
(Composer)
Nov 23, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields
High
CVE-2023-48705
was published
for
nautobot
(pip)
Nov 22, 2023
Cross-site Scripting via uploaded assets
High
CVE-2023-48701
was published
for
statamic/cms
(Composer)
Nov 22, 2023
Directory Traversal in jeecg-boot
Moderate
CVE-2023-47467
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Nov 22, 2023
Cross Site Request Forgery in SwiftyEdit
Moderate
CVE-2023-47350
was published
for
swiftyedit/swiftyedit
(Composer)
Nov 22, 2023
Cross-site Scripting in Admidio
Moderate
CVE-2023-47380
was published
for
admidio/admidio
(Composer)
Nov 22, 2023
SQL injection in Apache Submarine
High
CVE-2023-37924
was published
for
apache-submarine
(pip)
Nov 22, 2023
Elasticsearch Improper Handling of Exceptional Conditions
Moderate
CVE-2023-46673
was published
for
org.elasticsearch:elasticsearch
(Maven)
Nov 22, 2023
APM Java Agent Local Privilege Escalation issue
High
CVE-2021-37942
was published
for
co.elastic.apm:apm-agent-parent
(Maven)
Nov 22, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent
Low
CVE-2021-22143
was published
for
Elastic.Apm
(NuGet)
Nov 22, 2023
Clear Text Credentials Exposed via Onboarding Task
High
CVE-2023-48700
was published
for
nautobot-device-onboarding
(pip)
Nov 21, 2023
Download to arbitrary folder can lead to RCE
High
CVE-2023-47890
was published
for
pyload-ng
(pip)
Nov 21, 2023
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Moderate
GHSA-2c7c-3mj9-8fqh
was published
for
github.com/go-jose/go-jose/v3
(Go)
Nov 21, 2023
Possible user mocking that bypasses basic authentication
Moderate
CVE-2023-48309
was published
for
next-auth
(npm)
Nov 20, 2023
Bypass of field access control in strapi-plugin-protected-populate
Moderate
CVE-2023-48218
was published
for
strapi-plugin-protected-populate
(npm)
Nov 20, 2023
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
High
CVE-2023-48293
was published
for
org.xwiki.contrib:xwiki-application-admintools
(Maven)
Nov 20, 2023
Run Shell Command allows Cross-Site Request Forgery
Critical
CVE-2023-48292
was published
for
org.xwiki.contrib:xwiki-application-admintools
(Maven)
Nov 20, 2023
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
High
CVE-2023-48241
was published
for
org.xwiki.platform:xwiki-platform-search-solr-query
(Maven)
Nov 20, 2023
Cookies are sent to external images in rendered diff (and server side request forgery)
Critical
CVE-2023-48240
was published
for
org.xwiki.platform:xwiki-platform-diff-xml
(Maven)
Nov 20, 2023
Deserialization of Untrusted Data in apache-submarine
High
CVE-2023-46302
was published
for
apache-submarine
(pip)
Nov 20, 2023
ProTip!
Advisories are also available from the
GraphQL API

Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
