GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.

1,136 advisories listed below.
Sentry vulnerable to incorrect credential validation on OAuth token requests
  Moderate | CVE-2023-39531 | sentry (pip) | published Aug 9, 2023
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health...
  Moderate | Unreviewed | CVE-2023-4242 | published Aug 9, 2023
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker...
  Moderate | Unreviewed | CVE-2023-36926 | published Aug 8, 2023
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.
  Moderate | Unreviewed | CVE-2023-39112 | published Aug 4, 2023
matrix-appservice-bridge doesn't verify the sub parameter of an OpenID token exchange, allowing unauthorized access to provisioning APIs
  Moderate | CVE-2023-38691 | matrix-appservice-bridge (npm) | published Aug 4, 2023
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...
  Moderate | Unreviewed | CVE-2023-3470 | published Aug 2, 2023
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged...
  Moderate | Unreviewed | CVE-2023-3622 | published Jul 26, 2023
Dapr API token authentication bypass in HTTP endpoints
  Moderate | CVE-2023-37918 | github.com/dapr/dapr (Go) | published Jul 21, 2023
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
  Moderate | CVE-2023-0105 | org.keycloak:keycloak-core (Maven) | published Jul 18, 2023
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to...
  Moderate | Unreviewed | CVE-2023-35901 | published Jul 17, 2023
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...
  Moderate | Unreviewed | CVE-2023-2975 | published Jul 14, 2023
The configuration from the PCU can be modified without authentication using physical connection...
  Moderate | Unreviewed | CVE-2023-30560 | published Jul 13, 2023
The firmware update package for the wireless card is not properly signed and can be modified.
  Moderate | Unreviewed | CVE-2023-30559 | published Jul 13, 2023
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6,...
  Moderate | Unreviewed | CVE-2023-3362 | published Jul 13, 2023
Apache Pulsar Broker Improper Authentication vulnerability
  Moderate | CVE-2023-31007 | org.apache.pulsar:pulsar-broker (Maven) | published Jul 12, 2023
The listed versions of Nexx Smart Home devices could allow any user to register an already...
  Moderate | Unreviewed | CVE-2023-1752 | published Jul 6, 2023
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed...
  Moderate | Unreviewed | CVE-2023-23761 | published Jul 6, 2023
It is possible to manipulate the JWT token without the knowledge of the JWT secret and...
  Moderate | Unreviewed | CVE-2021-4314 | published Jul 6, 2023
An unauthenticated user can access Identity Manager’s management console specific page URLs....
  Moderate | Unreviewed | CVE-2022-25626 | published Jul 6, 2023
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port...
  Moderate | Unreviewed | CVE-2022-43557 | published Jul 6, 2023
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access...
  Moderate | Unreviewed | CVE-2023-30675 | published Jul 6, 2023
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a...
  Moderate | Unreviewed | CVE-2023-32620 | published Jun 30, 2023
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated,...
  Moderate | Unreviewed | CVE-2023-20199 | published Jun 28, 2023
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in...
  Moderate | Unreviewed | CVE-2023-34367 | published Jun 14, 2023
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration...
  Moderate | Unreviewed | CVE-2023-2638 | published Jun 13, 2023
Advisories are also available from the GraphQL API.