Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,246 advisories

Loading
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier... Critical Unreviewed
CVE-2023-26573 was published Oct 25, 2023
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to... High Unreviewed
CVE-2023-43045 was published Oct 23, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-22101 was published Oct 18, 2023
Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality... High Unreviewed
CVE-2023-22087 was published Oct 18, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed
CVE-2023-22069 was published Oct 18, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed
CVE-2023-22072 was published Oct 18, 2023
Vulnerability of access permissions not being strictly verified in the APPWidget module... Critical Unreviewed
CVE-2023-44116 was published Oct 11, 2023
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete... Critical Unreviewed
CVE-2023-43271 was published Oct 9, 2023
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored... High Unreviewed
CVE-2023-4884 was published Oct 3, 2023
Sensitive information disclosure and manipulation due to improper authentication. The following... Moderate Unreviewed
CVE-2023-44152 was published Sep 27, 2023
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP... Moderate Unreviewed
CVE-2023-4506 was published Sep 27, 2023
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2023-4505 was published Sep 27, 2023
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX... Moderate Unreviewed
CVE-2023-36851 was published Sep 27, 2023
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy Moderate
CVE-2023-41333 was published for github.com/cilium/cilium (Go) Sep 27, 2023
odinuge
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server... Critical Unreviewed
CVE-2023-42793 was published Sep 19, 2023
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas... Critical Unreviewed
CVE-2023-4702 was published Sep 14, 2023
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update... High Unreviewed
CVE-2023-4516 was published Sep 14, 2023
Due to missing authentication check in webdynpro application, an unauthorized user in SAP... Moderate Unreviewed
CVE-2023-41367 was published Sep 13, 2023
Answer Missing Authentication for Critical Function High
CVE-2023-4815 was published for github.com/answerdev/answer (Go) Sep 7, 2023
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions... High Unreviewed
CVE-2023-39981 was published Sep 2, 2023
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering... High Unreviewed
CVE-2023-34392 was published Aug 31, 2023
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external... High Unreviewed
CVE-2023-40598 was published Aug 30, 2023
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication... High Unreviewed
CVE-2023-38030 was published Aug 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database