GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
751 advisories
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an...
High | Unreviewed | CVE-2023-45185 was published Dec 14, 2023

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a...
High | Unreviewed | CVE-2023-6542 was published Dec 12, 2023

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2...
High | Unreviewed | CVE-2023-36646 was published Dec 12, 2023

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect...
High | Unreviewed | CVE-2023-48859 was published Dec 6, 2023

Unauthorized access vulnerability in the card management module. Successful exploitation of this...
High | Unreviewed | CVE-2023-49239 was published Dec 6, 2023

Unauthorized access vulnerability in the launcher module. Successful exploitation of this...
High | Unreviewed | CVE-2023-49240 was published Dec 6, 2023

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics...
High | Unreviewed | CVE-2023-33071 was published Dec 5, 2023

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
High | Unreviewed | CVE-2023-49947 was published Dec 3, 2023

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain...
High | Unreviewed | CVE-2023-42006 was published Dec 1, 2023

Apache Superset - Elevation of Privilege
High | CVE-2023-40610 was published for apache-superset (pip) Nov 28, 2023

An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 -...
High | Unreviewed | CVE-2022-40681 was published Nov 14, 2023

An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser...
High | Unreviewed | CVE-2023-45899 was published Oct 31, 2023

In Sim, there is a possible way to evade mobile preference restrictions due to a permission...
High | Unreviewed | CVE-2023-21390 was published Oct 30, 2023

SaToken authentication bypass vulnerability
High | CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023

The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect...
High | Unreviewed | CVE-2020-36714 was published Oct 20, 2023

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of...
High | Unreviewed | CVE-2021-4334 was published Oct 20, 2023

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier)...
High | Unreviewed | CVE-2023-38218 was published Oct 13, 2023

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise...
High | Unreviewed | CVE-2023-40829 was published Oct 12, 2023

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.
High | Unreviewed | CVE-2023-5521 was published Oct 11, 2023

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2...
High | Unreviewed | CVE-2023-36556 was published Oct 10, 2023

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service...
High | Unreviewed | CVE-2023-44860 was published Oct 7, 2023

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions....
High | Unreviewed | CVE-2022-3248 was published Oct 5, 2023

An improper access control flaw was found in Candlepin. An attacker can create data scoped under...
High | Unreviewed | CVE-2023-1832 was published Oct 4, 2023

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0...
High | Unreviewed | CVE-2023-4997 was published Oct 4, 2023

Quarkus HTTP vulnerable to incorrect evaluation of permissions
High | CVE-2023-4853 was published for io.quarkus:quarkus-csrf-reactive (Maven) Sep 20, 2023

ProTip! Advisories are also available from the GraphQL API