Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

835 advisories

Loading
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a... High Unreviewed
CVE-2023-30995 was published Sep 8, 2023
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin,... High Unreviewed
CVE-2023-4019 was published Sep 4, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to... High Unreviewed
CVE-2023-3899 was published Aug 23, 2023
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication... High Unreviewed
CVE-2023-33237 was published Aug 17, 2023
Vulnerability of incomplete permission verification in the input method module. Successful... High Unreviewed
CVE-2023-39384 was published Aug 13, 2023
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may... High Unreviewed
CVE-2022-29871 was published Aug 11, 2023
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7... High Unreviewed
CVE-2023-37491 was published Aug 8, 2023
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass... High Unreviewed
CVE-2023-32783 was published Aug 7, 2023
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission... High Unreviewed
CVE-2023-2640 was published Jul 26, 2023
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data... High Unreviewed
CVE-2023-32629 was published Jul 26, 2023
Paths contain matrix variables bypass decorators High
CVE-2023-38493 was published for com.linecorp.armeria:armeria (Maven) Jul 25, 2023
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup... High Unreviewed
CVE-2023-36339 was published Jul 21, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain... High Unreviewed
CVE-2022-26563 was published Jul 18, 2023
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2023-3459 was published Jul 18, 2023
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted... High Unreviewed
CVE-2023-3590 was published Jul 17, 2023
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated... High Unreviewed
CVE-2023-2759 was published Jul 17, 2023
In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time... High Unreviewed
CVE-2023-21254 was published Jul 13, 2023
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via... High Unreviewed
CVE-2023-21256 was published Jul 13, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization High
CVE-2023-30428 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Apache Airflow Incorrect Authorization vulnerability High
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
SGUDA U-Lock central lock control service’s user management function has incorrect authorization.... High Unreviewed
CVE-2022-46308 was published Jul 6, 2023
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization.... High Unreviewed
CVE-2022-46307 was published Jul 6, 2023
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as... High Unreviewed
CVE-2023-2534 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database