Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

477 advisories

The Gotham video-application-server service contained a race condition which would cause it to... Low Unreviewed
CVE-2023-30954 was published Nov 15, 2023
Improper authorization in some Intel Battery Life Diagnostic Tool installation software before... Moderate Unreviewed
CVE-2023-32662 was published Nov 14, 2023
Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2... Moderate Unreviewed
CVE-2023-28378 was published Nov 14, 2023
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2... Moderate Unreviewed
CVE-2023-36633 was published Nov 14, 2023
Cryptographic issue in HLOS during key management. High Unreviewed
CVE-2023-28556 was published Nov 14, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block Moderate
CVE-2023-47109 was published for prestashop/blockreassurance (Composer) Nov 8, 2023
Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. High Unreviewed
CVE-2023-5948 was published Nov 3, 2023
EisBaer Scada - CWE-285: Improper Authorization Critical Unreviewed
CVE-2023-42491 was published Oct 25, 2023
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of... High Unreviewed
CVE-2021-4334 was published Oct 20, 2023
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect... High Unreviewed
CVE-2020-36714 was published Oct 20, 2023
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and... Moderate Unreviewed
CVE-2021-4335 was published Oct 20, 2023
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier)... High Unreviewed
CVE-2023-38220 was published Oct 13, 2023
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4... High Unreviewed
CVE-2023-41841 was published Oct 10, 2023
Garuda Linux performs an insecure user creation and authentication that allows any user to... High Unreviewed
CVE-2021-3784 was published Oct 4, 2023
Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This... High Unreviewed
CVE-2023-3037 was published Oct 4, 2023
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows... Moderate Unreviewed
CVE-2023-30736 was published Oct 4, 2023
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions... Moderate Unreviewed
CVE-2023-2233 was published Sep 29, 2023
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS... Critical Unreviewed
CVE-2023-20186 was published Sep 27, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following... Low Unreviewed
CVE-2023-44154 was published Sep 27, 2023
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set... High Unreviewed
CVE-2023-44123 was published Sep 27, 2023
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE... High Unreviewed
CVE-2023-44125 was published Sep 27, 2023
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client... High Unreviewed
CVE-2023-28055 was published Sep 27, 2023
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to... High Unreviewed
CVE-2023-0456 was published Sep 27, 2023
ProTip! Advisories are also available from the GraphQL API