Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

463 advisories

Loading
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions... High Unreviewed
CVE-2023-35914 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial... Moderate Unreviewed
CVE-2023-36520 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square... High Unreviewed
CVE-2023-35876 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media... Moderate Unreviewed
CVE-2023-38513 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This... High Unreviewed
CVE-2023-37871 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart... Moderate Unreviewed
CVE-2023-41796 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments –... Low Unreviewed
CVE-2023-46311 was published Dec 20, 2023
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object... High Unreviewed
CVE-2023-6929 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects... Moderate Unreviewed
CVE-2022-43450 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap... Moderate Unreviewed
CVE-2023-49812 was published Dec 19, 2023
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to... Moderate Unreviewed
CVE-2023-46701 was published Dec 12, 2023
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference... High Unreviewed
CVE-2023-48641 was published Dec 12, 2023
Improper JWT Signature Validation in SAP Security Services Library Critical
CVE-2023-50422 was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Privilege escalation in sap-xssec Critical
CVE-2023-50423 was published for sap-xssec (pip) Dec 12, 2023
Privilege escalation in sap/cloud-security-client-go Critical
CVE-2023-50424 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view... Moderate Unreviewed
CVE-2023-6341 was published Nov 30, 2023
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure... Moderate Unreviewed
CVE-2023-6226 was published Nov 28, 2023
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that... High Unreviewed
CVE-2023-49298 was published Nov 24, 2023
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a... Moderate Unreviewed
CVE-2023-33706 was published Nov 24, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows... Moderate Unreviewed
CVE-2023-47316 was published Nov 22, 2023
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an... Critical Unreviewed
CVE-2023-6144 was published Nov 21, 2023
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of... High Unreviewed
CVE-2023-38884 was published Nov 20, 2023
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized... Moderate Unreviewed
CVE-2023-43900 was published Nov 14, 2023
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5544 was published for moodle/moodle (Composer) Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API