GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,874 advisories
The Sepolicy module has inappropriate permission control on the use of Netlink. Successful...
High | Unreviewed | CVE-2022-48514 was published Jul 6, 2023

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of...
High | Unreviewed | CVE-2023-36539 was published Jun 30, 2023

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid...
High | Unreviewed | CVE-2023-30993 was published Jun 27, 2023

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions...
High | Unreviewed | CVE-2023-3132 was published Jun 27, 2023

Apache Airflow vulnerable to exposure of sensitive information
High | CVE-2023-35005 was published for apache-airflow (pip) Jun 19, 2023

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote...
High | Unreviewed | CVE-2023-28175 was published Jun 15, 2023

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through...
High | Unreviewed | CVE-2023-25683 was published Jun 15, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software...
High | Unreviewed | CVE-2023-33933 was published Jun 14, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software...
High | Unreviewed | CVE-2022-47184 was published Jun 14, 2023

Dolibarr vulnerable to unauthenticated database access
High | CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023

The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
High | Unreviewed | CVE-2023-22586 was published Jun 11, 2023

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High | CVE-2023-34092 was published for vite (npm) Jun 6, 2023

Download Center fails to properly validate the file path submitted by a user. An attacker can...
High | Unreviewed | CVE-2023-2749 was published May 31, 2023

ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified...
High | Unreviewed | CVE-2023-31185 was published May 30, 2023

Synapse does not apply enough checks to servers requesting auth events of events in a room
High | CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have...
High | Unreviewed | CVE-2023-0812 was published May 15, 2023

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential...
High | Unreviewed | CVE-2023-27870 was published May 11, 2023

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
High | Unreviewed | CVE-2023-29106 was published May 9, 2023

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated...
High | Unreviewed | CVE-2023-30740 was published May 9, 2023

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated...
High | Unreviewed | CVE-2023-28762 was published May 9, 2023

Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified...
High | Unreviewed | CVE-2023-24505 was published May 8, 2023

Ghost vulnerable to information disclosure of private API fields
High | CVE-2023-31133 was published for ghost (npm) May 3, 2023

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need...
High | Unreviewed | CVE-2023-1809 was published May 2, 2023

Data written to GitHub Actions Cache may expose secrets
High | CVE-2023-30853 was published for gradle/gradle-build-action (GitHub Actions) May 1, 2023

Hidden fields can be leaked on readable collections in Payload
High | CVE-2023-30843 was published for payload (npm) Apr 26, 2023
ProTip! Advisories are also available from the GraphQL API.