Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

385 advisories

Loading
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Moodle may allow students to bypass sequential navigation during a quiz attempt Moderate
CVE-2022-40208 was published for moodle/moodle (Composer) Mar 24, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Credited to ysksuzuki
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
Wallabag Improper Authorization vulnerability Moderate
CVE-2023-0734 was published for wallabag/wallabag (Composer) Mar 5, 2023
Pixelfed may allow unauthorized actor to view private posts Moderate
CVE-2023-0914 was published for pixelfed/pixelfed (Composer) Feb 19, 2023
Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. Moderate Unreviewed
CVE-2023-0678 was published Feb 4, 2023
wallabag contains Improper Authorization via export feature Moderate
CVE-2023-0609 was published for wallabag/wallabag (Composer) Feb 2, 2023
bAuh0lz
Credited to bAuh0lz
Symfony storing cookie headers in HttpCache Moderate
CVE-2022-24894 was published for symfony/http-kernel (Composer) Feb 1, 2023
nicolas-grekas shyim
Credited to nicolas-grekas and shyim
Withdrawn: wallabag subject to Improper Authorization via annotations Moderate
GHSA-xrw3-wqph-3fxg was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
Withdrawn: wallabag subject to Improper Authorization Moderate
GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to... Moderate Unreviewed
CVE-2022-3740 was published Jan 26, 2023
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This... Moderate Unreviewed
CVE-2015-10033 was published Jan 9, 2023
Froxlor Improper Authorization vulnerability Moderate
CVE-2022-4868 was published for froxlor/froxlor (Composer) Dec 31, 2022
Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit... Moderate Unreviewed
CVE-2022-45874 was published Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Improper Authorization Moderate
CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4804 was published for github.com/usememos/memos (Go) Dec 28, 2022
The parent process would not properly check whether the Speech Synthesis feature is enabled, when... Moderate Unreviewed
CVE-2022-29913 was published Dec 22, 2022
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP... Moderate Unreviewed
CVE-2022-3187 was published Dec 22, 2022
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension... Moderate Unreviewed
CVE-2022-4613 was published Dec 19, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios... Moderate Unreviewed
CVE-2022-3876 was published Dec 19, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database