GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
1,911 advisories
An issue was discovered in the Windows Network Drive Connector when using Document Level Security...
Moderate | Unreviewed | CVE-2024-23447 was published Feb 7, 2024

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect...
Moderate | Unreviewed | CVE-2024-23446 was published Feb 7, 2024

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server...
Moderate | Unreviewed | CVE-2023-32479 was published Feb 6, 2024

Memory corruption in Automotive Multimedia due to improper access control in HAB.
High | Unreviewed | CVE-2023-43517 was published Feb 6, 2024

phpMyFAQ User Removal Page Allows Spoofing Of User Details
Moderate | CVE-2024-22202 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform...
Moderate | Unreviewed | CVE-2023-38263 was published Feb 2, 2024

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due...
Moderate | Unreviewed | CVE-2023-32333 was published Feb 2, 2024

MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers...
High | Unreviewed | CVE-2023-47867 was published Feb 2, 2024

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This...
Moderate | Unreviewed | CVE-2024-1114 was published Jan 31, 2024

@lobehub/chat vulnerable to unauthorized access to plugins
Moderate | CVE-2024-24566 was published for @lobehub/chat (npm) Jan 31, 2024

vantage6 has insecure SSH configuration for node and server containers
Moderate | CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024

A vulnerability classified as problematic was found in SourceCodester Employee Management System...
Moderate | Unreviewed | CVE-2024-1011 was published Jan 29, 2024

A vulnerability with the access control list (ACL) management within a stacked switch...
Moderate | Unreviewed | CVE-2024-20263 was published Jan 26, 2024

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store)...
Moderate | Unreviewed | CVE-2024-23675 was published Jan 22, 2024

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High | CVE-2024-23331 was published for vite (npm) Jan 19, 2024

Sandbox escape in Artemis Java Test Sandbox
High | CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024

Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop...
High | Unreviewed | CVE-2023-32544 was published Jan 19, 2024

A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has...
High | Unreviewed | CVE-2024-0712 was published Jan 19, 2024

Broken Access Control order API in Shopware
Moderate | CVE-2024-22407 was published for shopware/core (Composer) Jan 17, 2024

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved...
Moderate | Unreviewed | CVE-2023-20260 was published Jan 17, 2024

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This...
Critical | Unreviewed | CVE-2024-0642 was published Jan 17, 2024

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This...
High | Unreviewed | CVE-2024-0570 was published Jan 16, 2024

EverShop at risk to unauthorized access via weak HMAC secret
High | CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom...
High | Unreviewed | CVE-2023-49647 was published Jan 13, 2024

@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical | CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024

ProTip! Advisories are also available from the GraphQL API.