Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

271 advisories

Loading
An improper access control vulnerability was identified in the Realtek audio driver. A local... High Unreviewed
CVE-2022-34405 was published Jan 26, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in... High Unreviewed
CVE-2022-4701 was published Jan 10, 2023
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
Credited to suanve
A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical... High Unreviewed
CVE-2022-4879 was published Jan 6, 2023
usememos/memos vulnerable to improper authorization High
CVE-2022-4688 was published for github.com/usememos/memos (Go) Dec 23, 2022
The application management module has a vulnerability in permission verification. Successful... High Unreviewed
CVE-2022-46312 was published Dec 20, 2022
OpenFGA Authorization Bypass High
CVE-2022-23542 was published for github.com/openfga/openfga (Go) Dec 20, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting... High Unreviewed
CVE-2022-2536 was published Dec 15, 2022
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension... High Unreviewed
CVE-2022-47409 was published Dec 14, 2022
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker... High Unreviewed
CVE-2022-39902 was published Dec 8, 2022
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed High
CVE-2022-4147 was published for io.quarkus:quarkus-vertx-http (Maven) Dec 6, 2022
A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this... High Unreviewed
CVE-2022-4281 was published Dec 5, 2022
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1... High Unreviewed
CVE-2022-39883 was published Nov 10, 2022
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow... High Unreviewed
CVE-2022-36453 was published Oct 25, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
Credited to sunSUNQ
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022
Harbor fails to validate the user permissions when viewing Webhook policies High
CVE-2022-31666 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
andrewpollock
Credited to andrewpollock
Harbor fails to validate the user permissions when updating tag retention policies High
CVE-2022-31670 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
Credited to michaelkedar
XWiki Platform Improper Authorization check for inactive users High
CVE-2022-36090 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
Netmaker vulnerable to Insufficient Granularity of Access Control High
CVE-2022-36110 was published for github.com/gravitl/netmaker (Go) Sep 15, 2022
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy... High Unreviewed
CVE-2022-29490 was published Sep 13, 2022
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. High Unreviewed
CVE-2022-2901 was published Sep 7, 2022
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged... High Unreviewed
CVE-2022-2661 was published Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database