Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,031 advisories

Loading
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2... High Unreviewed
CVE-2023-36646 was published Dec 12, 2023
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a... High Unreviewed
CVE-2023-6542 was published Dec 12, 2023
Backoffice User can bypass "Publish" restriction Low
CVE-2023-48227 was published for Umbraco.CMS (NuGet) Dec 13, 2023
roie-shmuel
Privilege Escalation using Spoofing Moderate
CVE-2023-49273 was published for Umbraco.CMS (NuGet) Dec 13, 2023
jerpenol
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an... High Unreviewed
CVE-2023-45185 was published Dec 14, 2023
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass... Moderate Unreviewed
CVE-2023-6355 was published Dec 19, 2023
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Velocity execution without script right through tree macro High
CVE-2023-50732 was published for org.xwiki.platform:xwiki-platform-index-tree-macro (Maven) Dec 19, 2023
An attacker could create malicious requests to obtain sensitive information about the... Moderate Unreviewed
CVE-2023-50705 was published Dec 20, 2023
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... Low Unreviewed
CVE-2023-51380 was published Dec 21, 2023
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2023-51379 was published Dec 21, 2023
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a... High Unreviewed
CVE-2023-41314 was published Dec 22, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million... High Unreviewed
CVE-2023-49949 was published Dec 26, 2023
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints... High Unreviewed
CVE-2023-5644 was published Dec 26, 2023
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the... Moderate Unreviewed
CVE-2023-41779 was published Jan 3, 2024
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107,... High Unreviewed
CVE-2024-21735 was published Jan 9, 2024
An improper access control vulnerability exists in GitLab Remote Development affecting all... Moderate Unreviewed
CVE-2023-6955 was published Jan 12, 2024
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6... Critical Unreviewed
CVE-2023-5356 was published Jan 12, 2024
Authorization vulnerability in the BootLoader module. Successful exploitation of this... High Unreviewed
CVE-2023-52111 was published Jan 16, 2024
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when... Moderate Unreviewed
CVE-2022-0775 was published Jan 16, 2024
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)... Moderate Unreviewed
CVE-2024-23675 was published Jan 22, 2024
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection-io (pip) Jan 23, 2024
rozpuszczalny
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
ProTip! Advisories are also available from the GraphQL API