Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

327 advisories

Loading
Improper configuration of RBAC permissions obtaining cluster control permissions Critical
CVE-2023-33190 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Credited to DVKunion
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. Critical Unreviewed
CVE-2023-32220 was published Jun 12, 2023
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network... Critical Unreviewed
CVE-2023-27716 was published Jun 12, 2023
Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An... Critical Unreviewed
CVE-2023-28698 was published Jun 2, 2023
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin... Critical Unreviewed
CVE-2023-34218 was published May 31, 2023
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a... Critical Unreviewed
CVE-2023-23304 was published May 23, 2023
Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products... Critical Unreviewed
CVE-2023-27388 was published May 23, 2023
Privilege escalation (PR)/RCE from account through class sheet Critical
CVE-2023-32069 was published for org.xwiki.platform:xwiki-platform-test-ui (Maven) May 11, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS... Critical Unreviewed
CVE-2023-30467 was published Apr 28, 2023
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue... Critical Unreviewed
CVE-2023-30771 was published Apr 17, 2023
An authentication bypass vulnerability in the web client interface for the CL4NX printer before... Critical Unreviewed
CVE-2023-23594 was published Mar 31, 2023
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack... Critical Unreviewed
CVE-2023-26829 was published Mar 31, 2023
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2... Critical Unreviewed
CVE-2023-28611 was published Mar 23, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment... Critical Unreviewed
CVE-2022-48284 was published Feb 27, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment... Critical Unreviewed
CVE-2022-48283 was published Feb 27, 2023
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. Critical Unreviewed
CVE-2023-23064 was published Feb 18, 2023
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4... Critical Unreviewed
CVE-2022-38375 was published Feb 16, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
crenshaw-dev
Credited to crenshaw-dev
In Boa, there is a possible escalation of privilege due to a missing permission check. This could... Critical Unreviewed
CVE-2021-31577 was published Feb 7, 2023
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to... Critical Unreviewed
CVE-2022-47003 was published Feb 1, 2023
Last Yard 22.09.8-1 does not enforce HSTS headers Critical Unreviewed
CVE-2022-47714 was published Feb 1, 2023
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers... Critical Unreviewed
CVE-2022-47002 was published Feb 1, 2023
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis
Credited to Blaklis
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can... Critical Unreviewed
CVE-2022-45172 was published Jan 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database