GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
752 advisories
Filter by severity
Quarkus HTTP vulnerable to incorrect evaluation of permissions
High
CVE-2023-4853
was published
for
io.quarkus:quarkus-csrf-reactive
(Maven)
Sep 20, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could...
High
Unreviewed
CVE-2022-47553
was published
Sep 19, 2023
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This...
High
Unreviewed
CVE-2023-37881
was published
Sep 15, 2023
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which...
High
Unreviewed
CVE-2023-4814
was published
Sep 14, 2023
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress...
High
Unreviewed
CVE-2023-20191
was published
Sep 13, 2023
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a...
High
Unreviewed
CVE-2023-30995
was published
Sep 8, 2023
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin,...
High
Unreviewed
CVE-2023-4019
was published
Sep 4, 2023
A vulnerability was found in subscription-manager that allows local privilege escalation due to...
High
Unreviewed
CVE-2023-3899
was published
Aug 23, 2023
Vulnerability of incomplete permission verification in the input method module. Successful...
High
Unreviewed
CVE-2023-39384
was published
Aug 13, 2023
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass...
High
Unreviewed
CVE-2023-32783
was published
Aug 7, 2023
Field injection in the KirbyData text storage handler
High
CVE-2023-38488
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data...
High
Unreviewed
CVE-2023-32629
was published
Jul 26, 2023
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission...
High
Unreviewed
CVE-2023-2640
was published
Jul 26, 2023
Paths contain matrix variables bypass decorators
High
CVE-2023-38493
was published
for
com.linecorp.armeria:armeria
(Maven)
Jul 25, 2023
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup...
High
Unreviewed
CVE-2023-36339
was published
Jul 21, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets
High
CVE-2023-34035
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 18, 2023
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain...
High
Unreviewed
CVE-2022-26563
was published
Jul 18, 2023
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized...
High
Unreviewed
CVE-2023-3459
was published
Jul 18, 2023
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted...
High
Unreviewed
CVE-2023-3590
was published
Jul 17, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
High
CVE-2023-30428
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
SGUDA U-Lock central lock control service’s user management function has incorrect authorization....
High
Unreviewed
CVE-2022-46308
was published
Jul 6, 2023
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization....
High
Unreviewed
CVE-2022-46307
was published
Jul 6, 2023
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as...
High
Unreviewed
CVE-2023-2534
was published
Jul 6, 2023
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27...
High
Unreviewed
CVE-2022-43770
was published
Jul 6, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against...
High
Unreviewed
CVE-2023-22610
was published
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API