Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
There is a permission and access control vulnerability in some ZTE mobile phones. Due to... Low Unreviewed
CVE-2023-25647 was published Aug 17, 2023
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team... Low Unreviewed
CVE-2023-3584 was published Jul 17, 2023
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding... Low Unreviewed
CVE-2023-3613 was published Jul 17, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource Low
CVE-2023-3485 was published for go.temporal.io/server (Go) Jun 30, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29296 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29295 was published for magento/community-edition (Composer) Jun 15, 2023
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
Incorrect Authorization in Jenkins Core Low
CVE-2023-27903 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper... Low Unreviewed
CVE-2023-21424 was published Feb 9, 2023
In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change... Low Unreviewed
CVE-2022-20558 was published Dec 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T... Low Unreviewed
CVE-2022-39913 was published Dec 8, 2022
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung... Low Unreviewed
CVE-2022-39914 was published Dec 8, 2022
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local... Low Unreviewed
CVE-2022-39903 was published Dec 8, 2022
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the... Low Unreviewed
CVE-2022-42903 was published Nov 18, 2022
A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and... Low Unreviewed
CVE-2022-3582 was published Oct 18, 2022
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local... Low Unreviewed
CVE-2022-36852 was published Sep 10, 2022
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows... Low Unreviewed
CVE-2022-36857 was published Sep 10, 2022
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical... Low Unreviewed
CVE-2022-36876 was published Sep 10, 2022
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment... Low Unreviewed
CVE-2022-36117 was published Aug 26, 2022
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may... Low Unreviewed
CVE-2021-23188 was published Aug 19, 2022
In Settings, there is a possible way for an application without permissions to read content of... Low Unreviewed
CVE-2022-20321 was published Aug 13, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions... Low Unreviewed
CVE-2022-2456 was published Aug 6, 2022
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions... Low Unreviewed
CVE-2022-2459 was published Aug 6, 2022
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0... Low Unreviewed
CVE-2022-22326 was published Aug 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database