Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

240 advisories

Loading
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2... Critical Unreviewed
CVE-2023-28611 was published Mar 23, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment... Critical Unreviewed
CVE-2022-48283 was published Feb 27, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment... Critical Unreviewed
CVE-2022-48284 was published Feb 27, 2023
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. Critical Unreviewed
CVE-2023-23064 was published Feb 18, 2023
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4... Critical Unreviewed
CVE-2022-38375 was published Feb 16, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
crenshaw-dev
In Boa, there is a possible escalation of privilege due to a missing permission check. This could... Critical Unreviewed
CVE-2021-31577 was published Feb 7, 2023
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to... Critical Unreviewed
CVE-2022-47003 was published Feb 1, 2023
Last Yard 22.09.8-1 does not enforce HSTS headers Critical Unreviewed
CVE-2022-47714 was published Feb 1, 2023
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers... Critical Unreviewed
CVE-2022-47002 was published Feb 1, 2023
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can... Critical Unreviewed
CVE-2022-45172 was published Jan 31, 2023
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass... Critical Unreviewed
CVE-2022-48066 was published Jan 27, 2023
JWT audience claim is not verified Critical
CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
farcaller
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for... Critical Unreviewed
CVE-2022-23739 was published Jan 17, 2023
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect... Critical Unreviewed
CVE-2022-45778 was published Dec 28, 2022
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a... Critical Unreviewed
CVE-2021-45466 was published Dec 26, 2022
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform... Critical Unreviewed
CVE-2022-45891 was published Dec 25, 2022
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure... Critical Unreviewed
CVE-2022-43515 was published Dec 5, 2022
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated... Critical Unreviewed
CVE-2022-41326 was published Nov 22, 2022
Carel Boss Mini 1.5.0 has Improper Access Control. Critical Unreviewed
CVE-2022-34827 was published Nov 19, 2022
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. Critical Unreviewed
CVE-2022-41155 was published Nov 19, 2022
Spring Security authorization rules can be bypassed via forward or include dispatcher types Critical
CVE-2022-31692 was published for org.springframework.security:spring-security-core (Maven) Nov 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database