Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

542 advisories

Loading
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5544 was published for moodle/moodle (Composer) Nov 9, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <=... High Unreviewed
CVE-2023-45380 was published Nov 8, 2023
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal... Moderate Unreviewed
CVE-2023-41356 was published Nov 3, 2023
Lost and Found Information System 1.0 allows account takeover via username and password to a ... Critical Unreviewed
CVE-2023-38965 was published Nov 3, 2023
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization... Moderate Unreviewed
CVE-2023-4836 was published Oct 31, 2023
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted... High Unreviewed
CVE-2023-46478 was published Oct 31, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2023-3998 was published Oct 20, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2023-3869 was published Oct 20, 2023
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS... Moderate Unreviewed
CVE-2022-24400 was published Oct 19, 2023
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA... High Unreviewed
CVE-2022-24401 was published Oct 19, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed... Moderate Unreviewed
CVE-2023-3707 was published Oct 16, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed... Moderate Unreviewed
CVE-2023-3706 was published Oct 16, 2023
Authorization Bypass in Apache InLong Critical
CVE-2023-43668 was published for org.apache.inlong:manager-pojo (Maven) Oct 16, 2023
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows... Moderate Unreviewed
CVE-2023-45393 was published Oct 13, 2023
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier)... High Unreviewed
CVE-2023-38218 was published Oct 13, 2023
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in... Moderate Unreviewed
CVE-2023-45396 was published Oct 11, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper Critical
CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) Oct 11, 2023
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet... Moderate Unreviewed
CVE-2023-44249 was published Oct 10, 2023
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive... Moderate Unreviewed
CVE-2023-26237 was published Oct 5, 2023
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php".... Moderate Unreviewed
CVE-2023-2544 was published Oct 3, 2023
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could... Moderate Unreviewed
CVE-2023-32669 was published Oct 3, 2023
The QSige login SSO does not have an access control mechanism to verify whether the user... Moderate Unreviewed
CVE-2023-4101 was published Oct 3, 2023
The QSige Monitor application does not have an access control mechanism to verify whether the... Moderate Unreviewed
CVE-2023-4099 was published Oct 3, 2023
Economizzer Insecure Direct Object Reference vulnerability Low
CVE-2023-38872 was published for gugoan/economizzer (Composer) Sep 28, 2023
ProTip! Advisories are also available from the GraphQL API