Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

820 advisories

Loading
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest Critical
CVE-2023-46731 was published for org.xwiki.platform:xwiki-platform-administration (Maven) Nov 8, 2023
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token Critical
CVE-2023-46242 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 7, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution Critical
CVE-2023-46604 was published for org.apache.activemq:activemq-client (Maven) Oct 27, 2023
nmarcoccio sunSUNQ
Credited to nmarcoccio and sunSUNQ
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter Critical
CVE-2023-37913 was published for org.xwiki.platform:xwiki-platform-office-importer (Maven) Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Sureness uses hardcoded key Critical
CVE-2023-31581 was published for com.usthe.sureness:sureness-core (Maven) Oct 25, 2023
Yamcs API Directory Traversal vulnerability Critical
CVE-2023-45278 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module Critical
CVE-2023-42627 was published for com.liferay.commerce:com.liferay.commerce.address.content.web (Maven) Oct 17, 2023
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter Critical
CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023
lucaswitvoet
Credited to lucaswitvoet
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class Critical
CVE-2023-44311 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget Critical
CVE-2023-42628 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu Critical
CVE-2023-44310 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page Critical
CVE-2023-42629 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page Critical
CVE-2023-42497 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components Critical
CVE-2023-44309 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 17, 2023
XWiki Change Request Application UI XSS and remote code execution through change request title Critical
CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023
michitux
Credited to michitux
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database