GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
525 advisories
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager...
Moderate | Unreviewed | CVE-2023-1939 was published Jul 6, 2023

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL...
Moderate | Unreviewed | CVE-2023-35800 was published Jun 27, 2023

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An...
Moderate | Unreviewed | CVE-2023-35799 was published Jun 27, 2023

Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows...
Moderate | Unreviewed | CVE-2023-34797 was published Jun 15, 2023

In multiple files, there is a possible way to access traces in the dev mode due to a permissions...
Moderate | Unreviewed | CVE-2023-21142 was published Jun 15, 2023

Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Moderate | CVE-2023-35147 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Jun 14, 2023

A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70)....
Moderate | Unreviewed | CVE-2023-31238 was published Jun 13, 2023

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB...
Moderate | Unreviewed | CVE-2023-2876 was published Jun 13, 2023

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x...
Moderate | Unreviewed | CVE-2022-41766 was published May 29, 2023

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll...
Moderate | Unreviewed | CVE-2023-33251 was published May 21, 2023

Jenkins Tag Profiler Plugin missing permission check
Moderate | CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023

Jenkins Email Extension Plugin missing permission check
Moderate | CVE-2023-32979 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023

Jenkins Azure VM Agents Plugin missing permission checks
Moderate | CVE-2023-32990 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged ...
Moderate | Unreviewed | CVE-2023-31445 was published May 11, 2023

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows...
Moderate | Unreviewed | CVE-2022-41771 was published May 10, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate | Unreviewed | CVE-2023-2478 was published May 8, 2023

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM...
Moderate | Unreviewed | CVE-2023-0207 was published Apr 22, 2023

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could...
Moderate | Unreviewed | CVE-2023-28123 was published Apr 19, 2023

CubeFS allows Kubernetes cluster-level privilege escalation
Moderate | CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
Moderate | Unreviewed | CVE-2022-43309 was published Apr 7, 2023

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update...
Moderate | Unreviewed | CVE-2023-0944 was published Apr 5, 2023

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but...
Moderate | Unreviewed | CVE-2023-0225 was published Apr 4, 2023

Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate | CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate | CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate | CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023