GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,055 advisories
No permission checks for editing/deleting records with CSV import form
Moderate | CVE-2023-49783 was published for silverstripe/admin (Composer) | Jan 23, 2024

changedetection.io API endpoint is not secured with API token
Low | CVE-2024-23329 was published for changedetection.io (pip) | Jan 23, 2024

View permissions are bypassed for paginated lists of ORM data
Moderate | CVE-2023-44401 was published for silverstripe/graphql (Composer) | Jan 23, 2024

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)...
Moderate | Unreviewed | CVE-2024-23675 was published | Jan 22, 2024

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when...
Moderate | Unreviewed | CVE-2022-0775 was published | Jan 16, 2024

Authorization vulnerability in the BootLoader module. Successful exploitation of this...
High | Unreviewed | CVE-2023-52111 was published | Jan 16, 2024

An improper access control vulnerability exists in GitLab Remote Development affecting all...
Moderate | Unreviewed | CVE-2023-6955 was published | Jan 12, 2024

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6...
Critical | Unreviewed | CVE-2023-5356 was published | Jan 12, 2024

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107,...
High | Unreviewed | CVE-2024-21735 was published | Jan 9, 2024

SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does...
Moderate | Unreviewed | CVE-2024-21736 was published | Jan 9, 2024

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product. When the...
Moderate | Unreviewed | CVE-2023-41779 was published | Jan 3, 2024

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints...
High | Unreviewed | CVE-2023-5644 was published | Dec 26, 2023

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million...
High | Unreviewed | CVE-2023-49949 was published | Dec 26, 2023

Nautobot missing object-level permissions enforcement when running Job Buttons
Low | CVE-2023-51649 was published for nautobot (pip) | Dec 22, 2023

The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a...
High | Unreviewed | CVE-2023-41314 was published | Dec 22, 2023

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Low | Unreviewed | CVE-2023-51380 was published | Dec 21, 2023

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2023-51379 was published | Dec 21, 2023

An attacker could create malicious requests to obtain sensitive information about the...
Moderate | Unreviewed | CVE-2023-50705 was published | Dec 20, 2023

Velocity execution without script right through tree macro
High | CVE-2023-50732 was published for org.xwiki.platform:xwiki-platform-index-tree-macro (Maven) | Dec 19, 2023

Apache Superset incorrect write permissions vulnerability
High | CVE-2023-49734 was published for apache-superset (pip) | Dec 19, 2023

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass...
Moderate | Unreviewed | CVE-2023-6355 was published | Dec 19, 2023

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an...
High | Unreviewed | CVE-2023-45185 was published | Dec 14, 2023

Privilege Escalation using Spoofing
Moderate | CVE-2023-49273 was published for Umbraco.CMS (NuGet) | Dec 13, 2023

Backoffice User can bypass "Publish" restriction
Low | CVE-2023-48227 was published for Umbraco.CMS (NuGet) | Dec 13, 2023

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a...
High | Unreviewed | CVE-2023-6542 was published | Dec 12, 2023
ProTip! Advisories are also available from the GraphQL API