The Wayback Machine - https://web.archive.org/web/20231123043033/https://github.com/advisories
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15,213 advisories

Cross-site Scripting in DOMSanitizer Moderate
CVE-2023-49146 was published for rhukster/dom-sanitizer (Composer) Nov 23, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication Moderate
GHSA-v427-c49j-8w6x was published for codeigniter4/shield (Composer) Nov 23, 2023
Insertion of Sensitive Information into Log Moderate
GHSA-j72f-h752-mx4w was published for codeigniter4/shield (Composer) Nov 23, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
Cross-site Scripting via uploaded assets High
CVE-2023-48701 was published for statamic/cms (Composer) Nov 22, 2023
Cyber-Wo0dy
Directory Traversal in jeecg-boot Moderate
CVE-2023-47467 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Nov 22, 2023
Cross Site Request Forgery in SwiftyEdit Moderate
CVE-2023-47350 was published for swiftyedit/swiftyedit (Composer) Nov 22, 2023
Cross-site Scripting in Admidio Moderate
CVE-2023-47380 was published for admidio/admidio (Composer) Nov 22, 2023
SQL injection in Apache Submarine High
CVE-2023-37924 was published for apache-submarine (pip) Nov 22, 2023
Elasticsearch Improper Handling of Exceptional Conditions Moderate
CVE-2023-46673 was published for org.elasticsearch:elasticsearch (Maven) Nov 22, 2023
APM Java Agent Local Privilege Escalation issue High
CVE-2021-37942 was published for co.elastic.apm:apm-agent-parent (Maven) Nov 22, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
Clear Text Credentials Exposed via Onboarding Task High
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 bryanculver
scetron
Download to arbitrary folder can lead to RCE High
CVE-2023-47890 was published for pyload-ng (pip) Nov 21, 2023
vergl4s
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
Decryption of malicious PBES2 JWE objects can consume unbounded system resources Moderate
GHSA-2c7c-3mj9-8fqh was published for github.com/go-jose/go-jose/v3 (Go) Nov 21, 2023
TorchServe ZipSlip Moderate
CVE-2023-48299 was published for torchserve (pip) Nov 21, 2023
Possible user mocking that bypasses basic authentication Moderate
CVE-2023-48309 was published for next-auth (npm) Nov 20, 2023
securing dastaj
magnunm balazsorban44 ThangHuuVu
Bypass of field access control in strapi-plugin-protected-populate Moderate
CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries High
CVE-2023-48293 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
Run Shell Command allows Cross-Site Request Forgery Critical
CVE-2023-48292 was published for org.xwiki.contrib:xwiki-application-admintools (Maven) Nov 20, 2023
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service High
CVE-2023-48241 was published for org.xwiki.platform:xwiki-platform-search-solr-query (Maven) Nov 20, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
Deserialization of Untrusted Data in apache-submarine High
CVE-2023-46302 was published for apache-submarine (pip) Nov 20, 2023
ProTip! Advisories are also available from the GraphQL API