Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

987 advisories

Loading
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered... Moderate Unreviewed
CVE-2023-0959 was published Apr 5, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Credited to volkflo
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process Moderate
CVE-2023-28436 was published for tailscale.com (Go) Mar 23, 2023
rmb938
Credited to rmb938
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center... Moderate Unreviewed
CVE-2023-26600 was published Mar 6, 2023
Improper Privilege Management in Apache Sling Moderate
CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) Feb 23, 2023
An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and... Moderate Unreviewed
CVE-2022-38378 was published Feb 16, 2023
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Credited to tdunlap607
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Credited to binary-1024
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in... Moderate Unreviewed
CVE-2023-0221 was published Jan 13, 2023
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. Moderate Unreviewed
CVE-2022-41115 was published Dec 13, 2022
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an... Moderate Unreviewed
CVE-2022-38124 was published Dec 13, 2022
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
Credited to tdunlap607
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid... Moderate Unreviewed
CVE-2022-37929 was published Dec 12, 2022
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low... Moderate Unreviewed
CVE-2022-4264 was published Dec 9, 2022
In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to... Moderate Unreviewed
CVE-2022-32633 was published Dec 5, 2022
An improper privilege management vulnerability was identified in GitHub Enterprise Server that... Moderate Unreviewed
CVE-2022-23737 was published Dec 1, 2022
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3... Moderate Unreviewed
CVE-2022-1606 was published Nov 30, 2022
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass... Moderate Unreviewed
CVE-2022-40772 was published Nov 23, 2022
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in... Moderate Unreviewed
CVE-2022-3369 was published Nov 1, 2022
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and... Moderate Unreviewed
CVE-2022-3419 was published Oct 31, 2022
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without... Moderate Unreviewed
CVE-2022-33757 was published Oct 25, 2022
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A... Moderate Unreviewed
CVE-2022-34438 was published Oct 21, 2022
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control... Moderate Unreviewed
CVE-2022-42197 was published Oct 20, 2022
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager... Moderate Unreviewed
CVE-2022-2249 was published Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database