GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
274 advisories
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user...
Critical | Unreviewed | CVE-2023-3076 was published Jul 10, 2023

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical | Unreviewed | CVE-2023-0635 was published Jul 6, 2023

Apache InLong Improper Privilege Management vulnerability
Critical | CVE-2023-31062 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023

Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this...
Critical | Unreviewed | CVE-2021-46894 was published Jul 6, 2023

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user...
Critical | Unreviewed | CVE-2023-3460 was published Jul 4, 2023

XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Critical | CVE-2023-34465 was published for org.xwiki.platform:xwiki-platform-mail-send-default (Maven) Jun 20, 2023

Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical | CVE-2023-22647 was published for github.com/rancher/rancher (Go) Jun 6, 2023

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in...
Critical | Unreviewed | CVE-2023-32713 was published Jun 1, 2023

An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation...
Critical | Unreviewed | CVE-2023-29734 was published May 30, 2023

Code execution and sensitive information disclosure due to excessive privileges assigned to...
Critical | Unreviewed | CVE-2022-3405 was published May 3, 2023

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges...
Critical | Unreviewed | CVE-2023-1966 was published Apr 28, 2023

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local...
Critical | Unreviewed | CVE-2023-25133 was published Apr 24, 2023

Apache Spark vulnerable to Improper Privilege Management
Critical | CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via...
Critical | Unreviewed | CVE-2023-27830 was published Apr 12, 2023

xwiki-platform vulnerable to Remote Code Execution in Annotations
Critical | CVE-2023-26475 was published for org.xwiki.platform:xwiki-platform-annotation-ui (Maven) Mar 2, 2023

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges...
Critical | Unreviewed | CVE-2022-45101 was published Feb 1, 2023

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure...
Critical | Unreviewed | CVE-2022-4305 was published Jan 23, 2023

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to...
Critical | Unreviewed | CVE-2022-0668 was published Jan 8, 2023

Improper Privilege Management in rdiffweb
Critical | CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that...
Critical | Unreviewed | CVE-2022-27773 was published Dec 6, 2022

An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to...
Critical | Unreviewed | CVE-2022-44929 was published Dec 2, 2022

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation...
Critical | Unreviewed | CVE-2022-37016 was published Dec 1, 2022

Dolibarr vulnerable to privilege escalation
Critical | CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022

The system framework layer has a vulnerability of serialization/deserialization mismatch....
Critical | Unreviewed | CVE-2022-44562 was published Nov 10, 2022

Vela Insecure Defaults
Critical | CVE-2022-39395 was published for github.com/go-vela/server (Go) Nov 9, 2022