Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,035 advisories

Loading
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role... Moderate Unreviewed
CVE-2024-24966 was published Feb 14, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
Mattermost Jira Plugin does not properly check security levels Low
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0... Low Unreviewed
CVE-2024-20828 was published Feb 6, 2024
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up... Moderate Unreviewed
CVE-2023-6963 was published Feb 6, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
An incorrect authorization vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2023-32967 was published Feb 2, 2024
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute... High Unreviewed
CVE-2024-22938 was published Jan 30, 2024
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)... Moderate Unreviewed
CVE-2024-23675 was published Jan 22, 2024
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when... Moderate Unreviewed
CVE-2022-0775 was published Jan 16, 2024
Authorization vulnerability in the BootLoader module. Successful exploitation of this... High Unreviewed
CVE-2023-52111 was published Jan 16, 2024
An improper access control vulnerability exists in GitLab Remote Development affecting all... Moderate Unreviewed
CVE-2023-6955 was published Jan 12, 2024
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6... Critical Unreviewed
CVE-2023-5356 was published Jan 12, 2024
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107,... High Unreviewed
CVE-2024-21735 was published Jan 9, 2024
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the... Moderate Unreviewed
CVE-2023-41779 was published Jan 3, 2024
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints... High Unreviewed
CVE-2023-5644 was published Dec 26, 2023
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million... High Unreviewed
CVE-2023-49949 was published Dec 26, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a... High Unreviewed
CVE-2023-41314 was published Dec 22, 2023
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... Low Unreviewed
CVE-2023-51380 was published Dec 21, 2023
ProTip! Advisories are also available from the GraphQL API