GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,035 advisories
Filter by severity
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role...
Moderate
Unreviewed
CVE-2024-24966
was published
Feb 14, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152
was published
for
github.com/grafana/grafana
(Go)
Feb 13, 2024
Mattermost Jira Plugin does not properly check security levels
Low
CVE-2024-24774
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0...
Low
Unreviewed
CVE-2024-20828
was published
Feb 6, 2024
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up...
Moderate
Unreviewed
CVE-2023-6963
was published
Feb 6, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Moderate
CVE-2024-22208
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating...
Moderate
Unreviewed
CVE-2023-32967
was published
Feb 2, 2024
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute...
High
Unreviewed
CVE-2024-22938
was published
Jan 30, 2024
No permission checks for editing/deleting records with CSV import form
Moderate
CVE-2023-49783
was published
for
silverstripe/admin
(Composer)
Jan 23, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
View permissions are bypassed for paginated lists of ORM data
Moderate
CVE-2023-44401
was published
for
silverstripe/graphql
(Composer)
Jan 23, 2024
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)...
Moderate
Unreviewed
CVE-2024-23675
was published
Jan 22, 2024
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when...
Moderate
Unreviewed
CVE-2022-0775
was published
Jan 16, 2024
Authorization vulnerability in the BootLoader module. Successful exploitation of this...
High
Unreviewed
CVE-2023-52111
was published
Jan 16, 2024
An improper access control vulnerability exists in GitLab Remote Development affecting all...
Moderate
Unreviewed
CVE-2023-6955
was published
Jan 12, 2024
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6...
Critical
Unreviewed
CVE-2023-5356
was published
Jan 12, 2024
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107,...
High
Unreviewed
CVE-2024-21735
was published
Jan 9, 2024
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the...
Moderate
Unreviewed
CVE-2023-41779
was published
Jan 3, 2024
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints...
High
Unreviewed
CVE-2023-5644
was published
Dec 26, 2023
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million...
High
Unreviewed
CVE-2023-49949
was published
Dec 26, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a...
High
Unreviewed
CVE-2023-41314
was published
Dec 22, 2023
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Low
Unreviewed
CVE-2023-51380
was published
Dec 21, 2023
ProTip!
Advisories are also available from the
GraphQL API