GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,804
Erlang: 29
GitHub Actions: 16
Go: 1,713
Maven: 4,948
npm: 3,477
NuGet: 605
pip: 3,007
Pub: 10
RubyGems: 830
Rust: 774
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
107,612 advisories
In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40647 was published Oct 8, 2023

In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40641 was published Oct 8, 2023

In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40649 was published Oct 8, 2023

In FW-PackageManager, there is a possible missing permission check. This could lead to local...
Moderate, Unreviewed. CVE-2023-40654 was published Oct 8, 2023

In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40646 was published Oct 8, 2023

In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40648 was published Oct 8, 2023

In urild service, there is a possible out of bounds write due to a missing bounds check. This...
Moderate, Unreviewed. CVE-2023-40651 was published Oct 8, 2023

In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40643 was published Oct 8, 2023

In Messaging, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40645 was published Oct 8, 2023

In jpg driver, there is a possible out of bounds write due to improper input validation. This...
Moderate, Unreviewed. CVE-2023-40652 was published Oct 8, 2023

In Telecom service, there is a possible missing permission check. This could lead to local...
Moderate, Unreviewed. CVE-2023-40650 was published Oct 8, 2023

In Dialer, there is a possible missing permission check. This could lead to local information...
Moderate, Unreviewed. CVE-2023-40631 was published Oct 8, 2023

In SoundRecorder service, there is a possible missing permission check. This could lead to local...
Moderate, Unreviewed. CVE-2023-40640 was published Oct 8, 2023

In SoundRecorder service, there is a possible missing permission check. This could lead to local...
Moderate, Unreviewed. CVE-2023-40639 was published Oct 8, 2023

In telecom service, there is a possible missing permission check. This could lead to local...
Moderate, Unreviewed. CVE-2023-40637 was published Oct 8, 2023

In telecom service, there is a possible way to write permission usage records of an app due to a...
Moderate, Unreviewed. CVE-2023-40636 was published Oct 8, 2023

In phasecheckserver, there is a possible missing permission check. This could lead to local...
Moderate, Unreviewed. CVE-2023-40633 was published Oct 8, 2023

In Telecom service, there is a possible missing permission check. This could lead to local denial...
Moderate, Unreviewed. CVE-2023-40638 was published Oct 8, 2023

Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in...
Moderate, Unreviewed. CVE-2023-5182 was published Oct 7, 2023

** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain...
Moderate, Unreviewed. CVE-2023-45322 was published Oct 7, 2023

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into...
Moderate, Unreviewed. CVE-2023-21252 was published Oct 6, 2023

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2)...
Moderate, Unreviewed. CVE-2022-34355 was published Oct 6, 2023

In multiple locations, there is a possible way to crash multiple system services due to resource...
Moderate, Unreviewed. CVE-2023-21253 was published Oct 6, 2023

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a...
Moderate, Unreviewed. CVE-2023-21244 was published Oct 6, 2023

In visitUris of Notification.java, there is a possible way to reveal image contents from another...
Moderate, Unreviewed. CVE-2023-21291 was published Oct 6, 2023
ProTip! Advisories are also available from the GraphQL API.