Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,130 advisories

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged... Moderate Unreviewed
CVE-2023-3622 was published Jul 26, 2023
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to... Moderate Unreviewed
CVE-2023-35901 was published Jul 17, 2023
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty... Moderate Unreviewed
CVE-2023-2975 was published Jul 14, 2023
The configuration from the PCU can be modified without authentication using physical connection... Moderate Unreviewed
CVE-2023-30560 was published Jul 13, 2023
The firmware update package for the wireless card is not properly signed and can be modified. Moderate Unreviewed
CVE-2023-30559 was published Jul 13, 2023
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6,... Moderate Unreviewed
CVE-2023-3362 was published Jul 13, 2023
Apache Pulsar Broker Improper Authentication vulnerability Moderate
CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
The listed versions of Nexx Smart Home devices could allow any user to register an already... Moderate Unreviewed
CVE-2023-1752 was published Jul 6, 2023
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2023-23761 was published Jul 6, 2023
It is possible to manipulate the JWT token without the knowledge of the JWT secret and... Moderate Unreviewed
CVE-2021-4314 was published Jul 6, 2023
An unauthenticated user can access Identity Manager’s management console specific page URLs.... Moderate Unreviewed
CVE-2022-25626 was published Jul 6, 2023
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port... Moderate Unreviewed
CVE-2022-43557 was published Jul 6, 2023
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access... Moderate Unreviewed
CVE-2023-30675 was published Jul 6, 2023
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a... Moderate Unreviewed
CVE-2023-32620 was published Jun 30, 2023
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated,... Moderate Unreviewed
CVE-2023-20199 was published Jun 28, 2023
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in... Moderate Unreviewed
CVE-2023-34367 was published Jun 14, 2023
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration... Moderate Unreviewed
CVE-2023-2638 was published Jun 13, 2023
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
hickford rgammans
adam-h nbudin nbulaj
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
A vulnerability was found in libssh, where the authentication check of the connecting client can... Moderate Unreviewed
CVE-2023-2283 was published May 26, 2023
The online authentication provided by the hwKitAssistant lacks strict identity verification of... Moderate Unreviewed
CVE-2023-0117 was published May 26, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame Moderate
CVE-2023-32081 was published for io.vertx:vertx-stomp (Maven) May 12, 2023
NavidMitchell
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to... Moderate Unreviewed
CVE-2023-28325 was published May 12, 2023
ProTip! Advisories are also available from the GraphQL API