GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
336 advisories
Apache InLong Improper Privilege Management vulnerability
Critical | CVE-2023-31062 was published for org.apache.inlong:manager-dao (Maven) | Jul 6, 2023
Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this...
Critical | Unreviewed | CVE-2021-46894 was published | Jul 6, 2023
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user...
Critical | Unreviewed | CVE-2023-3460 was published | Jul 4, 2023
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Critical | CVE-2023-34465 was published for org.xwiki.platform:xwiki-platform-mail-send-default (Maven) | Jun 20, 2023
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical | CVE-2023-22647 was published for github.com/rancher/rancher (Go) | Jun 6, 2023
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in...
Critical | Unreviewed | CVE-2023-32713 was published | Jun 1, 2023
An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation...
Critical | Unreviewed | CVE-2023-29734 was published | May 30, 2023
Code execution and sensitive information disclosure due to excessive privileges assigned to...
Critical | Unreviewed | CVE-2022-3405 was published | May 3, 2023
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges...
Critical | Unreviewed | CVE-2023-1966 was published | Apr 28, 2023
Rancher Webhook is misconfigured during upgrade process
Critical | CVE-2023-22651 was published for github.com/rancher/rancher (Go) | Apr 24, 2023
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local...
Critical | Unreviewed | CVE-2023-25133 was published | Apr 24, 2023
Apache Spark vulnerable to Improper Privilege Management
Critical | CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) | Apr 17, 2023
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of...
Critical | Unreviewed | CVE-2023-27654 was published | Apr 14, 2023
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via...
Critical | Unreviewed | CVE-2023-27830 was published | Apr 12, 2023
An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote...
Critical | Unreviewed | CVE-2023-27645 was published | Apr 11, 2023
Some smartphones have configuration issues. Successful exploitation of this vulnerability may...
Critical | Unreviewed | CVE-2022-48353 was published | Mar 28, 2023
xwiki-platform vulnerable to Remote Code Execution in Annotations
Critical | CVE-2023-26475 was published for org.xwiki.platform:xwiki-platform-annotation-ui (Maven) | Mar 2, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment...
Critical | Unreviewed | CVE-2022-48283 was published | Feb 27, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment...
Critical | Unreviewed | CVE-2022-48284 was published | Feb 27, 2023
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges...
Critical | Unreviewed | CVE-2022-45101 was published | Feb 1, 2023
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure...
Critical | Unreviewed | CVE-2022-4305 was published | Jan 23, 2023
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to...
Critical | Unreviewed | CVE-2022-0668 was published | Jan 8, 2023
h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.
Critical | Unreviewed | CVE-2022-45963 was published | Dec 28, 2022
Some smartphones have configuration issues. Successful exploitation of this vulnerability may...
Critical | Unreviewed | CVE-2022-46327 was published | Dec 20, 2022
Improper Privilege Management in rdiffweb
Critical | CVE-2022-4314 was published for rdiffweb (pip) | Dec 12, 2022
ProTip! Advisories are also available from the GraphQL API.