GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
967 advisories
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Moderate • CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) • Feb 5, 2024

An incorrect authorization vulnerability has been reported to affect several QNAP operating...
Moderate • Unreviewed • CVE-2023-32967 was published • Feb 2, 2024

Privilege Escalation in HashiCorp Consul
Moderate • CVE-2020-28053 was published for github.com/hashicorp/consul (Go) • Jan 31, 2024

No permission checks for editing/deleting records with CSV import form
Moderate • CVE-2023-49783 was published for silverstripe/admin (Composer) • Jan 23, 2024

View permissions are bypassed for paginated lists of ORM data
Moderate • CVE-2023-44401 was published for silverstripe/graphql (Composer) • Jan 23, 2024

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)...
Moderate • Unreviewed • CVE-2024-23675 was published • Jan 22, 2024

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when...
Moderate • Unreviewed • CVE-2022-0775 was published • Jan 16, 2024

An improper access control vulnerability exists in GitLab Remote Development affecting all...
Moderate • Unreviewed • CVE-2023-6955 was published • Jan 12, 2024

SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does...
Moderate • Unreviewed • CVE-2024-21736 was published • Jan 9, 2024

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product. When the...
Moderate • Unreviewed • CVE-2023-41779 was published • Jan 3, 2024

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate • Unreviewed • CVE-2023-51379 was published • Dec 21, 2023

An attacker could create malicious requests to obtain sensitive information about the...
Moderate • Unreviewed • CVE-2023-50705 was published • Dec 20, 2023

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass...
Moderate • Unreviewed • CVE-2023-6355 was published • Dec 19, 2023

Privilege Escalation using Spoofing
Moderate • CVE-2023-49273 was published for Umbraco.CMS (NuGet) • Dec 13, 2023

An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base...
Moderate • Unreviewed • CVE-2023-50457 was published • Dec 10, 2023

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1...
Moderate • Unreviewed • CVE-2023-42569 was published • Dec 5, 2023

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical...
Moderate • Unreviewed • CVE-2023-42575 was published • Dec 5, 2023

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Moderate • Unreviewed • CVE-2023-24047 was published • Dec 5, 2023

Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing...
Moderate • Unreviewed • CVE-2023-47827 was published • Nov 30, 2023

Duplicate Advisory: Apache Superset - Elevation of Privilege
Moderate • GHSA-392c-vjfv-h7wr was published for apache-superset (pip) • Nov 27, 2023 • withdrawn

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls,...
Moderate • Unreviewed • CVE-2023-5509 was published • Nov 20, 2023

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when...
Moderate • Unreviewed • CVE-2023-5799 was published • Nov 20, 2023

Bypass of field access control in strapi-plugin-protected-populate
Moderate • CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) • Nov 20, 2023

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10...
Moderate • Unreviewed • CVE-2023-42541 was published • Nov 14, 2023

Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate • CVE-2023-47037 was published for apache-airflow (pip) • Nov 12, 2023