Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,118 advisories

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write... High Unreviewed
CVE-2024-22016 was published Feb 2, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm AlonZa
neersighted
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer) Jan 23, 2024
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some... Moderate Unreviewed
CVE-2023-38541 was published Jan 19, 2024
Vulnerability of permissions being not strictly verified in the WMS module. Successful... High Unreviewed
CVE-2023-52107 was published Jan 16, 2024
Permission management vulnerability in the multi-screen interaction module. Successful... High Unreviewed
CVE-2023-52116 was published Jan 16, 2024
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate... High Unreviewed
CVE-2023-49257 was published Jan 12, 2024
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2023-6506 was published Jan 11, 2024
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2023-6883 was published Jan 11, 2024
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2024-21305 was published Jan 9, 2024
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected... High Unreviewed
CVE-2023-44120 was published Jan 9, 2024
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular... Moderate Unreviewed
CVE-2023-41776 was published Jan 3, 2024
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing... Moderate Unreviewed
CVE-2023-7055 was published Dec 22, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the... Critical Unreviewed
CVE-2023-46141 was published Dec 14, 2023
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows... High Unreviewed
CVE-2023-46142 was published Dec 14, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG,... Critical Unreviewed
CVE-2023-0757 was published Dec 14, 2023
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak... Moderate Unreviewed
CVE-2023-25648 was published Dec 14, 2023
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on... Critical Unreviewed
CVE-2023-6593 was published Dec 12, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS... Moderate Unreviewed
CVE-2023-42924 was published Dec 12, 2023
An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions... High Unreviewed
CVE-2023-50446 was published Dec 10, 2023
Local Privilege Escalation in Windows High
CVE-2023-49797 was published for pyinstaller (pip) Dec 9, 2023
NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability Critical Unreviewed
CVE-2023-40302 was published Dec 7, 2023
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a... Critical Unreviewed
CVE-2023-49946 was published Dec 3, 2023
ProTip! Advisories are also available from the GraphQL API