Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Remote Code Execution for 2.4.1 and earlier Critical
CVE-2023-36812 was published for net.opentsdb:opentsdb (Maven) Jun 30, 2023
oxeye-daniel Credited to oxeye-daniel and oxeye-gal oxeye-gal oxeye-gal
XWiki Platform vulnerable to Code injection through NotificationRSSService Critical
CVE-2023-36469 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Jun 30, 2023
XWiki Platform vulnerable to Code Injection in icon themes Critical
CVE-2023-36470 was published for org.xwiki.platform:xwiki-platform-icon-default (Maven) Jun 30, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted Critical
CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Jun 30, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark Credited to arkark
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration Critical
CVE-2023-29525 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through AWM view sheet Critical
CVE-2023-29527 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Apr 20, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode Critical
CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet Critical
CVE-2023-29524 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to code injection in display method used in user profiles Critical
CVE-2023-29523 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector Critical
CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
XWiki vulnerable to Code Injection in template provider administration Critical
CVE-2023-29514 was published for org.xwiki.platform.applications:xwiki-application-administration (Maven) Apr 20, 2023
xwiki-platform-web-templates vulnerable to Eval Injection Critical
CVE-2023-29512 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288 Credited to leesh3288
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Credited to derrickmehaffy, Ccamm, and Convly Ccamm Ccamm
Convly Convly
Code injection via unescaped translations in xwiki-platform Critical
CVE-2023-29510 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Apr 19, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability Critical
CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) Apr 12, 2023
LangChain vulnerable to code injection Critical
CVE-2023-29374 was published for langchain (pip) Apr 5, 2023
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection Critical
CVE-2023-27479 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Mar 8, 2023
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability Critical
CVE-2023-25613 was published for org.apache.kerby:ldap-backend (Maven) Feb 20, 2023
Apache Karaf vulnerable to potential code injection Critical
CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Code injection in quarkus dev ui config editor Critical
CVE-2022-4116 was published for io.quarkus:quarkus-vertx-http-deployment (Maven) Nov 22, 2022
jmini Credited to jmini
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui Critical
CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database