Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

500 advisories

Loading
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application... Moderate Unreviewed
CVE-2023-41819 was published May 3, 2024
Moodle Email media URL tokens were not checking for user status Moderate
CVE-2019-14883 was published for moodle/moodle (Composer) May 24, 2022
D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-44410 was published May 3, 2024
D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-32168 was published May 3, 2024
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight... High Unreviewed
CVE-2023-47166 was published May 1, 2024
Unauthorized privilege escalation in Mod module Moderate
CVE-2020-15278 was published for red-discordbot (pip) Oct 27, 2020
Jackenmen
An incorrect authorization vulnerability has been reported to affect several QNAP operating... High Unreviewed
CVE-2023-50363 was published Apr 26, 2024
Bytebase allows low-privilege users to view admin projects Moderate
CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Keycloak users may be able to remove MFA from other users' devices Moderate
CVE-2020-10686 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Obsidian does not require user confirmation for non-http/https URLs. Critical
CVE-2021-38148 was published for obsidian (npm) May 24, 2022
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing... High Unreviewed
CVE-2023-28584 was published Sep 5, 2023
Transient DOS due to improper authorization in Modem High Unreviewed
CVE-2022-40521 was published Jun 6, 2023
Microsoft Outlook Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-21402 was published Feb 13, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members... Critical Unreviewed
CVE-2024-1741 was published Apr 10, 2024
Cryptographic issue in HLOS during key management. High Unreviewed
CVE-2023-28556 was published Nov 14, 2023
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA... High Unreviewed
CVE-2023-33020 was published Sep 5, 2023
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station... High Unreviewed
CVE-2023-33019 was published Sep 5, 2023
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request... High Unreviewed
CVE-2022-40536 was published Jun 6, 2023
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to... High Unreviewed
CVE-2023-0456 was published Sep 27, 2023
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is... High Unreviewed
CVE-2018-19581 was published May 24, 2022
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization... High Unreviewed
CVE-2020-36696 was published Jun 7, 2023
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to... Moderate Unreviewed
CVE-2023-30948 was published Jun 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database