Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

967 advisories

Loading
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
An incorrect authorization vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2023-32967 was published Feb 2, 2024
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)... Moderate Unreviewed
CVE-2024-23675 was published Jan 22, 2024
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when... Moderate Unreviewed
CVE-2022-0775 was published Jan 16, 2024
An improper access control vulnerability exists in GitLab Remote Development affecting all... Moderate Unreviewed
CVE-2023-6955 was published Jan 12, 2024
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does... Moderate Unreviewed
CVE-2024-21736 was published Jan 9, 2024
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the... Moderate Unreviewed
CVE-2023-41779 was published Jan 3, 2024
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2023-51379 was published Dec 21, 2023
An attacker could create malicious requests to obtain sensitive information about the... Moderate Unreviewed
CVE-2023-50705 was published Dec 20, 2023
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass... Moderate Unreviewed
CVE-2023-6355 was published Dec 19, 2023
Privilege Escalation using Spoofing Moderate
CVE-2023-49273 was published for Umbraco.CMS (NuGet) Dec 13, 2023
jerpenol
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base... Moderate Unreviewed
CVE-2023-50457 was published Dec 10, 2023
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1... Moderate Unreviewed
CVE-2023-42569 was published Dec 5, 2023
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical... Moderate Unreviewed
CVE-2023-42575 was published Dec 5, 2023
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Moderate Unreviewed
CVE-2023-24047 was published Dec 5, 2023
Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing... Moderate Unreviewed
CVE-2023-47827 was published Nov 30, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls,... Moderate Unreviewed
CVE-2023-5509 was published Nov 20, 2023
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when... Moderate Unreviewed
CVE-2023-5799 was published Nov 20, 2023
Bypass of field access control in strapi-plugin-protected-populate Moderate
CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023
Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10... Moderate Unreviewed
CVE-2023-42541 was published Nov 14, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database