GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,793
Erlang: 29
GitHub Actions: 16
Go: 1,710
Maven: 4,947
npm: 3,475
NuGet: 605
pip: 3,001
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
1,124 advisories

A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This...
Moderate, Unreviewed. CVE-2023-5329 was published Oct 2, 2023.

A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This...
Moderate, Unreviewed. CVE-2023-5328 was published Oct 2, 2023.

A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical....
Moderate, Unreviewed. CVE-2023-5326 was published Oct 2, 2023.

Sensitive information disclosure and manipulation due to improper authentication. The following...
Moderate, Unreviewed. CVE-2023-44152 was published Sep 27, 2023.

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST...
Moderate, Unreviewed. CVE-2023-41904 was published Sep 27, 2023.

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901....
Moderate, Unreviewed. CVE-2023-4985 was published Sep 15, 2023.

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and...
Moderate, Unreviewed. CVE-2023-4568 was published Sep 13, 2023.

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of...
Moderate, Unreviewed. CVE-2023-39215 was published Sep 12, 2023.

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and...
Moderate, Unreviewed. CVE-2023-29463 was published Sep 12, 2023.

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn...
Moderate, Unreviewed. CVE-2023-4498 was published Sep 6, 2023.

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to...
Moderate, Unreviewed. CVE-2023-30725 was published Sep 6, 2023.

Sensitive information disclosure due to improper token expiration validation. The following...
Moderate, Unreviewed. CVE-2023-41751 was published Aug 31, 2023.

** UNSUPPORTED WHEN ASSIGNED ** Improper authentication vulnerability in Rakuten WiFi Pocket all...
Moderate, Unreviewed. CVE-2023-40282 was published Aug 23, 2023.

Sentry vulnerable to incorrect credential validation on OAuth token requests
Moderate. CVE-2023-39531 was published for sentry (pip) Aug 9, 2023.

The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health...
Moderate, Unreviewed. CVE-2023-4242 was published Aug 9, 2023.

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker...
Moderate, Unreviewed. CVE-2023-36926 was published Aug 8, 2023.

ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.
Moderate, Unreviewed. CVE-2023-39112 was published Aug 4, 2023.

matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange, allowing unauthorized access to provisioning APIs
Moderate. CVE-2023-38691 was published for matrix-appservice-bridge (npm) Aug 4, 2023.

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...
Moderate, Unreviewed. CVE-2023-3470 was published Aug 2, 2023.

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged...
Moderate, Unreviewed. CVE-2023-3622 was published Jul 26, 2023.

Dapr API token authentication bypass in HTTP endpoints
Moderate. CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023.

Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Moderate. CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023.

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to...
Moderate, Unreviewed. CVE-2023-35901 was published Jul 17, 2023.

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...
Moderate, Unreviewed. CVE-2023-2975 was published Jul 14, 2023.

The configuration from the PCU can be modified without authentication using physical connection...
Moderate, Unreviewed. CVE-2023-30560 was published Jul 13, 2023.

ProTip! Advisories are also available from the GraphQL API.