GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11,289 advisories

cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service High
GHSA-8x6c-cv3v-vp6g was published for cacheable-request (npm) Feb 11, 2023
cplummer-linq
Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox High
GHSA-98hq-4wmw-98w9 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 10, 2023
LDAP
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system Critical
CVE-2023-25168 was published for github.com/pterodactyl/wings (Go) Feb 10, 2023
T4x0r
Denial of service via HAMT Decoding Panics Moderate
CVE-2023-23625 was published for github.com/ipfs/go-unixfs (Go) Feb 10, 2023
Jorropo
Authentication Bypass in modoboa High
CVE-2023-0777 was published for modoboa (pip) Feb 10, 2023
IPython vulnerable to command injection via set_term_title Moderate
CVE-2023-24816 was published for IPython (pip) Feb 10, 2023
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics Moderate
CVE-2023-23631 was published for github.com/ipfs/go-unixfsnode (Go) Feb 10, 2023
Jorropo
IPFS go-bitfield vulnerable to DoS via malformed size arguments Moderate
CVE-2023-23626 was published for github.com/ipfs/go-bitfield (Go) Feb 10, 2023
Jorropo
XML External Entity Reference in Apache NiFi High
CVE-2023-22832 was published for org.apache.nifi:nifi (Maven) Feb 10, 2023
StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route Moderate
CVE-2023-24815 was published for io.vertx:vertx-web (Maven) Feb 10, 2023
`pnet_packet` buffer overrun in `set_payload` setters Moderate
GHSA-cf4g-fcf8-3cr9 was published for pnet_packet (Rust) Feb 9, 2023
privilege chaining in cockpit-hq/cockpit Moderate
CVE-2023-0759 was published for cockpit-hq/cockpit (Composer) Feb 9, 2023
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability Moderate
CVE-2023-25166 was published for @sideway/formula (npm) Feb 8, 2023
sno2
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd (Go) Feb 8, 2023
Helm vulnerable to information disclosure via getHostByName Function Moderate
CVE-2023-25165 was published for helm.sh/helm/v3 (Go) Feb 8, 2023
phil9909
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics High
CVE-2023-25151 was published for go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego (Go) Feb 8, 2023
openssl-src subject to Timing Oracle in RSA Decryption Moderate
CVE-2022-4304 was published for openssl-src (Rust) Feb 8, 2023
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` Moderate
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Moderate
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions Moderate
CVE-2023-0216 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex` Moderate
CVE-2022-4450 was published for openssl-src (Rust) Feb 8, 2023
openssl-src subject to NULL dereference validating DSA public key Moderate
CVE-2023-0217 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification Moderate
CVE-2023-0401 was published for openssl-src (Rust) Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels Moderate
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman