Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions.... High Unreviewed
CVE-2022-3248 was published Oct 5, 2023
An improper access control flaw was found in Candlepin. An attacker can create data scoped under... High Unreviewed
CVE-2023-1832 was published Oct 4, 2023
Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0... High Unreviewed
CVE-2023-4997 was published Oct 4, 2023
An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12... High Unreviewed
CVE-2023-5106 was published Oct 2, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions High
CVE-2023-4853 was published for io.quarkus:quarkus-csrf-reactive (Maven) Sep 20, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could... High Unreviewed
CVE-2022-47553 was published Sep 19, 2023
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This... High Unreviewed
CVE-2023-37881 was published Sep 15, 2023
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which... High Unreviewed
CVE-2023-4814 was published Sep 14, 2023
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress... High Unreviewed
CVE-2023-20191 was published Sep 13, 2023
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a... High Unreviewed
CVE-2023-30995 was published Sep 8, 2023
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin,... High Unreviewed
CVE-2023-4019 was published Sep 4, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to... High Unreviewed
CVE-2023-3899 was published Aug 23, 2023
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication... High Unreviewed
CVE-2023-33237 was published Aug 17, 2023
Vulnerability of incomplete permission verification in the input method module. Successful... High Unreviewed
CVE-2023-39384 was published Aug 13, 2023
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may... High Unreviewed
CVE-2022-29871 was published Aug 11, 2023
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7... High Unreviewed
CVE-2023-37491 was published Aug 8, 2023
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass... High Unreviewed
CVE-2023-32783 was published Aug 7, 2023
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission... High Unreviewed
CVE-2023-2640 was published Jul 26, 2023
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data... High Unreviewed
CVE-2023-32629 was published Jul 26, 2023
Paths contain matrix variables bypass decorators High
CVE-2023-38493 was published for com.linecorp.armeria:armeria (Maven) Jul 25, 2023
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup... High Unreviewed
CVE-2023-36339 was published Jul 21, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain... High Unreviewed
CVE-2022-26563 was published Jul 18, 2023
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2023-3459 was published Jul 18, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database