Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,911 advisories

Loading
An issue was discovered in the Windows Network Drive Connector when using Document Level Security... Moderate Unreviewed
CVE-2024-23447 was published Feb 7, 2024
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect... Moderate Unreviewed
CVE-2024-23446 was published Feb 7, 2024
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server... Moderate Unreviewed
CVE-2023-32479 was published Feb 6, 2024
Memory corruption in Automotive Multimedia due to improper access control in HAB. High Unreviewed
CVE-2023-43517 was published Feb 6, 2024
phpMyFAQ User Removal Page Allows Spoofing Of User Details Moderate
CVE-2024-22202 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform... Moderate Unreviewed
CVE-2023-38263 was published Feb 2, 2024
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due... Moderate Unreviewed
CVE-2023-32333 was published Feb 2, 2024
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers... High Unreviewed
CVE-2023-47867 was published Feb 2, 2024
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This... Moderate Unreviewed
CVE-2024-1114 was published Jan 31, 2024
@lobehub/chat vulnerable to unauthorized access to plugins Moderate
CVE-2024-24566 was published for @lobehub/chat (npm) Jan 31, 2024
dastaj
vantage6 has insecure SSH configuration for node and server containers Moderate
CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024
A vulnerability classified as problematic was found in SourceCodester Employee Management System... Moderate Unreviewed
CVE-2024-1011 was published Jan 29, 2024
A vulnerability with the access control list (ACL) management within a stacked switch... Moderate Unreviewed
CVE-2024-20263 was published Jan 26, 2024
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)... Moderate Unreviewed
CVE-2024-23675 was published Jan 22, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop... High Unreviewed
CVE-2023-32544 was published Jan 19, 2024
A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has... High Unreviewed
CVE-2024-0712 was published Jan 19, 2024
Broken Access Control order API in Shopware Moderate
CVE-2024-22407 was published for shopware/core (Composer) Jan 17, 2024
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved... Moderate Unreviewed
CVE-2023-20260 was published Jan 17, 2024
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This... Critical Unreviewed
CVE-2024-0642 was published Jan 17, 2024
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This... High Unreviewed
CVE-2024-0570 was published Jan 16, 2024
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom... High Unreviewed
CVE-2023-49647 was published Jan 13, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
ProTip! Advisories are also available from the GraphQL API