GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,383 advisories
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM...
Moderate | Unreviewed | CVE-2023-0207 was published Apr 22, 2023

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could...
Moderate | Unreviewed | CVE-2023-28123 was published Apr 19, 2023

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to...
High | Unreviewed | CVE-2023-22294 was published Apr 18, 2023

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos...
High | Unreviewed | CVE-2023-28960 was published Apr 18, 2023

CubeFS allows Kubernetes cluster-level privilege escalation
Moderate | CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms...
High | Unreviewed | CVE-2023-24626 was published Apr 8, 2023

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
Moderate | Unreviewed | CVE-2022-43309 was published Apr 7, 2023

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update...
Moderate | Unreviewed | CVE-2023-0944 was published Apr 5, 2023

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but...
Moderate | Unreviewed | CVE-2023-0225 was published Apr 4, 2023

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2,...
High | Unreviewed | CVE-2022-43773 was published Apr 3, 2023

RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories...
High | Unreviewed | CVE-2023-1516 was published Mar 28, 2023

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set...
High | Unreviewed | CVE-2023-1135 was published Mar 27, 2023

Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate | CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate | CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate | CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and...
Moderate | Unreviewed | CVE-2022-4148 was published Mar 20, 2023

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to...
Moderate | Unreviewed | CVE-2023-27084 was published Mar 16, 2023

Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate | CVE-2023-27095 was published for cn.hippo4j:hippo4j-core (Maven) Mar 16, 2023

Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Low | CVE-2023-23939 was published for Azure/setup-kubectl (GitHub Actions) Mar 7, 2023

An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06...
High | Unreviewed | CVE-2022-45552 was published Mar 3, 2023

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability...
Critical | Unreviewed | CVE-2023-24205 was published Feb 24, 2023

Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password...
High | Unreviewed | CVE-2022-44216 was published Feb 20, 2023

An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a...
High | Unreviewed | CVE-2021-3172 was published Feb 17, 2023

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Moderate | Unreviewed | CVE-2022-21939 was published Feb 9, 2023

Insecure Permissions issue in jeecg-boot
High | CVE-2021-37305 was published for org.jeecgframework.boot:jeecg-boot-base (Maven) Feb 3, 2023

ProTip! Advisories are also available from the GraphQL API