GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,337 advisories
In imgsys, there is a possible system crash due to a missing ptr check. This could lead to local...
Moderate, Unreviewed: CVE-2023-20800 was published Aug 7, 2023
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5....
Moderate, Unreviewed: CVE-2023-28468 was published Aug 3, 2023
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to...
Moderate, Unreviewed: CVE-2023-38958 was published Aug 3, 2023
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access...
Moderate, Unreviewed: CVE-2023-23476 was published Aug 2, 2023
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of...
Moderate, Unreviewed: CVE-2023-3957 was published Jul 27, 2023
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12...
Moderate, Unreviewed: CVE-2023-35983 was published Jul 27, 2023
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
Moderate: CVE-2023-39154 was published for com.qualys.plugins:qualys-was (Maven) Jul 26, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate: CVE-2023-38503 was published for directus (npm) Jul 25, 2023
An improper privilege check in the OTRS ticket move action in the agent interface allows any as...
Moderate, Unreviewed: CVE-2023-38058 was published Jul 24, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11...
Moderate, Unreviewed: CVE-2023-3484 was published Jul 21, 2023
Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An...
Moderate, Unreviewed: CVE-2023-32482 was published Jul 20, 2023
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
Moderate: CVE-2023-32261 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
Mattermost fails to verify channel membership when linking a board to a channel allowing a low...
Moderate, Unreviewed: CVE-2023-3582 was published Jul 17, 2023
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration...
Moderate, Unreviewed: CVE-2023-3586 was published Jul 17, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15...
Moderate, Unreviewed: CVE-2023-3444 was published Jul 13, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15...
Moderate, Unreviewed: CVE-2023-2576 was published Jul 13, 2023
Apache Pulsar Function Worker Incorrect Authorization vulnerability
Moderate: CVE-2023-37579 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Jul 12, 2023
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Moderate: CVE-2023-3574 was published for pimcore/customer-management-framework-bundle (Composer) Jul 10, 2023
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and...
Moderate, Unreviewed: CVE-2023-34197 was published Jul 7, 2023
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines...
Moderate, Unreviewed: CVE-2023-1779 was published Jul 6, 2023
Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one...
Moderate, Unreviewed: CVE-2023-22833 was published Jul 6, 2023
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including...
Moderate, Unreviewed: CVE-2023-1158 was published Jul 6, 2023
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced...
Moderate, Unreviewed: CVE-2023-29927 was published Jul 6, 2023
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting...
Moderate, Unreviewed: CVE-2023-1979 was published Jul 6, 2023