GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,624 advisories
Filter by severity
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR...
Low
Unreviewed
CVE-2023-37867
was published
Nov 30, 2023
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3,...
Low
Unreviewed
CVE-2023-3443
was published
Dec 1, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3...
Low
Unreviewed
CVE-2023-4658
was published
Dec 1, 2023
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3...
Low
Unreviewed
CVE-2023-28895
was published
Dec 1, 2023
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 ...
Low
Unreviewed
CVE-2023-28896
was published
Dec 1, 2023
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue...
Low
Unreviewed
CVE-2023-6467
was published
Dec 2, 2023
A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue...
Low
Unreviewed
CVE-2023-6472
was published
Dec 2, 2023
A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified...
Low
Unreviewed
CVE-2018-25094
was published
Dec 3, 2023
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to...
Low
Unreviewed
CVE-2023-42556
was published
Dec 5, 2023
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows...
Low
Unreviewed
CVE-2023-42572
was published
Dec 5, 2023
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without...
Low
Unreviewed
CVE-2023-45085
was published
Dec 5, 2023
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain...
Low
Unreviewed
CVE-2023-44298
was published
Dec 5, 2023
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Low
GHSA-x9qq-236j-gj97
was published
for
github.com/canonical/lxd
(Go)
Dec 5, 2023
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Low
CVE-2023-49297
was published
for
PyDrive2
(pip)
Dec 5, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low
GHSA-v7hc-87jc-qrrr
was published
for
knative.dev/eventing-github
(Go)
Dec 6, 2023
Microweber missing standardized error handling mechanism
Low
CVE-2023-6599
was published
for
microweber/microweber
(Composer)
Dec 8, 2023
dbt-core's secret env vars written to package-lock.json in plaintext
Low
GHSA-j4g3-3q8x-jxqp
was published
for
dbt-core
(pip)
Dec 8, 2023
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this...
Low
Unreviewed
CVE-2023-6614
was published
Dec 8, 2023
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown...
Low
Unreviewed
CVE-2023-6613
was published
Dec 8, 2023
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected...
Low
Unreviewed
CVE-2023-6615
was published
Dec 8, 2023
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Low
GHSA-99jv-8292-2hpm
was published
for
knative.dev/eventing-gitlab
(Go)
Dec 8, 2023
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background...
Low
Unreviewed
CVE-2023-5870
was published
Dec 10, 2023
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered...
Low
Unreviewed
CVE-2023-6194
was published
Dec 11, 2023
Stale copy of the public suffix list
Low
GHSA-w4x6-hh3x-wjrx
was published
for
Gsemac.Net
(NuGet)
Dec 11, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2...
Low
Unreviewed
CVE-2023-42874
was published
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API