GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,680
Erlang: 29
GitHub Actions: 16
Go: 1,707
Maven: 4,940
npm: 3,473
NuGet: 603
pip: 2,993
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
92,722 advisories
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI...
High | Unreviewed | CVE-2023-21139 was published Jun 15, 2023

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or...
High | Unreviewed | CVE-2023-21144 was published Jun 15, 2023

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier)...
High | Unreviewed | CVE-2023-29297 was published Jun 15, 2023

In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use...
High | Unreviewed | CVE-2023-21108 was published Jun 15, 2023

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper...
High | Unreviewed | CVE-2023-21120 was published Jun 15, 2023

In multiple functions of multiple files, there is a possible way to bypass the...
High | Unreviewed | CVE-2023-21123 was published Jun 15, 2023

In various functions of various files, there is a possible way to bypass the...
High | Unreviewed | CVE-2023-21122 was published Jun 15, 2023

In run of multiple files, there is a possible escalation of privilege due to unsafe...
High | Unreviewed | CVE-2023-21124 was published Jun 15, 2023

In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a...
High | Unreviewed | CVE-2023-21129 was published Jun 15, 2023

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch...
High | Unreviewed | CVE-2023-21126 was published Jun 15, 2023

In various functions of AppStandbyController.java, there is a possible way to break manageability...
High | Unreviewed | CVE-2023-21128 was published Jun 15, 2023

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist...
High | Unreviewed | CVE-2023-21135 was published Jun 15, 2023

In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race...
High | Unreviewed | CVE-2023-21101 was published Jun 15, 2023

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type...
High | Unreviewed | CVE-2023-21115 was published Jun 15, 2023

In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass...
High | Unreviewed | CVE-2023-21131 was published Jun 15, 2023

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due...
High | Unreviewed | CVE-2023-21138 was published Jun 15, 2023

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to...
High | Unreviewed | CVE-2023-21127 was published Jun 15, 2023

In onResume of AppManagementFragment.java, there is a possible way to prevent users from...
High | Unreviewed | CVE-2023-21121 was published Jun 15, 2023

snappy-java's unchecked chunk length leads to DoS
High | CVE-2023-34455 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo...
High | Unreviewed | CVE-2023-27634 was published Jun 15, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos...
High | Unreviewed | CVE-2023-25055 was published Jun 15, 2023

HuTool XML parsing module has blind XXE vulnerability
High | CVE-2023-3276 was published for cn.hutool:hutool-core (Maven) Jun 15, 2023

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 )...
High | Unreviewed | CVE-2023-23802 was published Jun 15, 2023

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and...
High | Unreviewed | CVE-2023-25450 was published Jun 15, 2023

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote...
High | Unreviewed | CVE-2023-28175 was published Jun 15, 2023
ProTip! Advisories are also available from the GraphQL API.