Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

752 advisories

Loading
Quarkus HTTP vulnerable to incorrect evaluation of permissions High
CVE-2023-4853 was published for io.quarkus:quarkus-csrf-reactive (Maven) Sep 20, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could... High Unreviewed
CVE-2022-47553 was published Sep 19, 2023
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This... High Unreviewed
CVE-2023-37881 was published Sep 15, 2023
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which... High Unreviewed
CVE-2023-4814 was published Sep 14, 2023
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress... High Unreviewed
CVE-2023-20191 was published Sep 13, 2023
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a... High Unreviewed
CVE-2023-30995 was published Sep 8, 2023
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin,... High Unreviewed
CVE-2023-4019 was published Sep 4, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to... High Unreviewed
CVE-2023-3899 was published Aug 23, 2023
Vulnerability of incomplete permission verification in the input method module. Successful... High Unreviewed
CVE-2023-39384 was published Aug 13, 2023
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass... High Unreviewed
CVE-2023-32783 was published Aug 7, 2023
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data... High Unreviewed
CVE-2023-32629 was published Jul 26, 2023
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission... High Unreviewed
CVE-2023-2640 was published Jul 26, 2023
Paths contain matrix variables bypass decorators High
CVE-2023-38493 was published for com.linecorp.armeria:armeria (Maven) Jul 25, 2023
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup... High Unreviewed
CVE-2023-36339 was published Jul 21, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain... High Unreviewed
CVE-2022-26563 was published Jul 18, 2023
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2023-3459 was published Jul 18, 2023
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted... High Unreviewed
CVE-2023-3590 was published Jul 17, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization High
CVE-2023-30428 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
SGUDA U-Lock central lock control service’s user management function has incorrect authorization.... High Unreviewed
CVE-2022-46308 was published Jul 6, 2023
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization.... High Unreviewed
CVE-2022-46307 was published Jul 6, 2023
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as... High Unreviewed
CVE-2023-2534 was published Jul 6, 2023
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27... High Unreviewed
CVE-2022-43770 was published Jul 6, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against... High Unreviewed
CVE-2023-22610 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API