GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
753 advisories
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote...
CVE-2023-28175 (High, Unreviewed) was published Jun 15, 2023
Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation...
CVE-2023-34161 (High, Unreviewed) was published Jun 19, 2023
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed...
CVE-2023-0971 (High, Unreviewed) was published Jun 21, 2023
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad...
CVE-2023-34923 (High, Unreviewed) was published Jun 22, 2023
there is a possible way to bypass the protected confirmation screen due to Failure to lock...
CVE-2023-21225 (High, Unreviewed) was published Jun 28, 2023
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this...
CVE-2022-48508 (High, Unreviewed) was published Jul 6, 2023
An attacker with local access to the system can make unauthorized modifications of the security...
CVE-2021-26360 (High, Unreviewed) was published Jul 6, 2023
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information...
CVE-2022-36785 (High, Unreviewed) was published Jul 6, 2023
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a...
CVE-2022-2155 (High, Unreviewed) was published Jul 6, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against...
CVE-2023-22610 (High, Unreviewed) was published Jul 6, 2023
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27...
CVE-2022-43770 (High, Unreviewed) was published Jul 6, 2023
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as...
CVE-2023-2534 (High, Unreviewed) was published Jul 6, 2023
SGUDA U-Lock central lock control service’s user management function has incorrect authorization....
CVE-2022-46308 (High, Unreviewed) was published Jul 6, 2023
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization....
CVE-2022-46307 (High, Unreviewed) was published Jul 6, 2023
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted...
CVE-2023-3590 (High, Unreviewed) was published Jul 17, 2023
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain...
CVE-2022-26563 (High, Unreviewed) was published Jul 18, 2023
An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup...
CVE-2023-36339 (High, Unreviewed) was published Jul 21, 2023
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission...
CVE-2023-2640 (High, Unreviewed) was published Jul 26, 2023
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data...
CVE-2023-32629 (High, Unreviewed) was published Jul 26, 2023
Vulnerability of incomplete permission verification in the input method module. Successful...
CVE-2023-39384 (High, Unreviewed) was published Aug 13, 2023
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin,...
CVE-2023-4019 (High, Unreviewed) was published Sep 4, 2023
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a...
CVE-2023-30995 (High, Unreviewed) was published Sep 8, 2023
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which...
CVE-2023-4814 (High, Unreviewed) was published Sep 14, 2023
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This...
CVE-2023-37881 (High, Unreviewed) was published Sep 15, 2023
Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0...
CVE-2023-4997 (High, Unreviewed) was published Oct 4, 2023
ProTip! Advisories are also available from the GraphQL API.