Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,124 advisories

A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This... Moderate Unreviewed
CVE-2023-5329 was published Oct 2, 2023
A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This... Moderate Unreviewed
CVE-2023-5328 was published Oct 2, 2023
A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical.... Moderate Unreviewed
CVE-2023-5326 was published Oct 2, 2023
Sensitive information disclosure and manipulation due to improper authentication. The following... Moderate Unreviewed
CVE-2023-44152 was published Sep 27, 2023
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST... Moderate Unreviewed
CVE-2023-41904 was published Sep 27, 2023
A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901.... Moderate Unreviewed
CVE-2023-4985 was published Sep 15, 2023
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and... Moderate Unreviewed
CVE-2023-4568 was published Sep 13, 2023
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of... Moderate Unreviewed
CVE-2023-39215 was published Sep 12, 2023
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and... Moderate Unreviewed
CVE-2023-29463 was published Sep 12, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn... Moderate Unreviewed
CVE-2023-4498 was published Sep 6, 2023
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to... Moderate Unreviewed
CVE-2023-30725 was published Sep 6, 2023
Sensitive information disclosure due to improper token expiration validation. The following... Moderate Unreviewed
CVE-2023-41751 was published Aug 31, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Improper authentication vulnerability in Rakuten WiFi Pocket all... Moderate Unreviewed
CVE-2023-40282 was published Aug 23, 2023
Sentry vulnerable to incorrect credential validation on OAuth token requests Moderate
CVE-2023-39531 was published for sentry (pip) Aug 9, 2023
EricHasegawa
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health... Moderate Unreviewed
CVE-2023-4242 was published Aug 9, 2023
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker... Moderate Unreviewed
CVE-2023-36926 was published Aug 8, 2023
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. Moderate Unreviewed
CVE-2023-39112 was published Aug 4, 2023
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs Moderate
CVE-2023-38691 was published for matrix-appservice-bridge (npm) Aug 4, 2023
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password... Moderate Unreviewed
CVE-2023-3470 was published Aug 2, 2023
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged... Moderate Unreviewed
CVE-2023-3622 was published Jul 26, 2023
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to... Moderate Unreviewed
CVE-2023-35901 was published Jul 17, 2023
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty... Moderate Unreviewed
CVE-2023-2975 was published Jul 14, 2023
The configuration from the PCU can be modified without authentication using physical connection... Moderate Unreviewed
CVE-2023-30560 was published Jul 13, 2023
ProTip! Advisories are also available from the GraphQL API