GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
456 advisories
Lost and Found Information System 1.0 allows account takeover via username and password to a ...
Critical | Unreviewed | CVE-2023-38965 was published Nov 3, 2023
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization...
Moderate | Unreviewed | CVE-2023-4836 was published Oct 31, 2023
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted...
High | Unreviewed | CVE-2023-46478 was published Oct 31, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2023-3998 was published Oct 20, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2023-3869 was published Oct 20, 2023
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS...
Moderate | Unreviewed | CVE-2022-24400 was published Oct 19, 2023
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA...
High | Unreviewed | CVE-2022-24401 was published Oct 19, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed...
Moderate | Unreviewed | CVE-2023-3707 was published Oct 16, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed...
Moderate | Unreviewed | CVE-2023-3706 was published Oct 16, 2023
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows...
Moderate | Unreviewed | CVE-2023-45393 was published Oct 13, 2023
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier)...
High | Unreviewed | CVE-2023-38218 was published Oct 13, 2023
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in...
Moderate | Unreviewed | CVE-2023-45396 was published Oct 11, 2023
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet...
Moderate | Unreviewed | CVE-2023-44249 was published Oct 10, 2023
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive...
Moderate | Unreviewed | CVE-2023-26237 was published Oct 5, 2023
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php"....
Moderate | Unreviewed | CVE-2023-2544 was published Oct 3, 2023
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could...
Moderate | Unreviewed | CVE-2023-32669 was published Oct 3, 2023
The QSige login SSO does not have an access control mechanism to verify whether the user...
Moderate | Unreviewed | CVE-2023-4101 was published Oct 3, 2023
The QSige Monitor application does not have an access control mechanism to verify whether the...
Moderate | Unreviewed | CVE-2023-4099 was published Oct 3, 2023
Sensitive information disclosure due to improper authorization. The following products are...
Low | Unreviewed | CVE-2023-44205 was published Sep 27, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following...
High | Unreviewed | CVE-2023-44206 was published Sep 27, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following...
Low | Unreviewed | CVE-2023-44154 was published Sep 27, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2023-4934 was published Sep 27, 2023
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a...
Moderate | Unreviewed | CVE-2023-42334 was published Sep 20, 2023
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107,...
Moderate | Unreviewed | CVE-2023-41368 was published Sep 14, 2023
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object...
High | Unreviewed | CVE-2023-4213 was published Sep 13, 2023
ProTip! Advisories are also available from the GraphQL API.