GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
285 advisories
Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this...
Critical, Unreviewed
CVE-2023-44118 was published Oct 11, 2023

An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0...
Critical, Unreviewed
CVE-2023-41679 was published Oct 10, 2023

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or...
Critical, Unreviewed
CVE-2023-5365 was published Oct 9, 2023

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well...
Critical, Unreviewed
CVE-2023-43696 was published Oct 9, 2023

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change...
Critical, Unreviewed
CVE-2023-5288 was published Sep 29, 2023

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access...
Critical, Unreviewed
CVE-2023-43141 was published Sep 25, 2023

** UNSUPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the...
Critical, Unreviewed
CVE-2022-47558 was published Sep 19, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical, Unreviewed
CVE-2023-5009 was published Sep 19, 2023

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in...
Critical, Unreviewed
CVE-2023-40039 was published Sep 11, 2023

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9...
Critical, Unreviewed
CVE-2023-37759 was published Sep 8, 2023

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation...
Critical, Unreviewed
CVE-2023-31242 was published Sep 5, 2023

Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Critical
CVE-2023-4696 was published for github.com/usememos/memos (Go) Sep 1, 2023

XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Critical
CVE-2023-40573 was published for com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler (Maven) Aug 23, 2023

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version...
Critical, Unreviewed
CVE-2023-25775 was published Aug 11, 2023

SAP PowerDesigner - version 16.7, has improper access control which might allow an...
Critical, Unreviewed
CVE-2023-37483 was published Aug 8, 2023

Access Control Bypass in Spring Security
Critical
CVE-2023-34034 was published for org.springframework.security:spring-security-config (Maven) Jul 19, 2023

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device...
Critical, Unreviewed
CVE-2023-29130 was published Jul 11, 2023

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller...
Critical, Unreviewed
CVE-2023-24489 was published Jul 11, 2023

Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access...
Critical, Unreviewed
CVE-2023-30765 was published Jul 10, 2023

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and...
Critical, Unreviewed
CVE-2023-1834 was published Jul 6, 2023

A privilege escalation allowing remote code execution was discovered in the orchestration service.
Critical, Unreviewed
CVE-2023-2530 was published Jun 7, 2023

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing...
Critical, Unreviewed
CVE-2021-4380 was published Jun 7, 2023

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and...
Critical, Unreviewed
CVE-2023-31241 was published May 22, 2023

XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 20, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical, Unreviewed
CVE-2023-27350 was published Apr 20, 2023