GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,130 advisories
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged...
Moderate | Unreviewed | CVE-2023-3622 was published Jul 26, 2023

Dapr API token authentication bypass in HTTP endpoints
Moderate | CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023

Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Moderate | CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to...
Moderate | Unreviewed | CVE-2023-35901 was published Jul 17, 2023

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...
Moderate | Unreviewed | CVE-2023-2975 was published Jul 14, 2023

The configuration from the PCU can be modified without authentication using physical connection...
Moderate | Unreviewed | CVE-2023-30560 was published Jul 13, 2023

The firmware update package for the wireless card is not properly signed and can be modified.
Moderate | Unreviewed | CVE-2023-30559 was published Jul 13, 2023

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6,...
Moderate | Unreviewed | CVE-2023-3362 was published Jul 13, 2023

Apache Pulsar Broker Improper Authentication vulnerability
Moderate | CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023

The listed versions of Nexx Smart Home devices could allow any user to register an already...
Moderate | Unreviewed | CVE-2023-1752 was published Jul 6, 2023

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2023-23761 was published Jul 6, 2023

It is possible to manipulate the JWT token without the knowledge of the JWT secret and...
Moderate | Unreviewed | CVE-2021-4314 was published Jul 6, 2023

An unauthenticated user can access Identity Manager’s management console specific page URLs....
Moderate | Unreviewed | CVE-2022-25626 was published Jul 6, 2023

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port...
Moderate | Unreviewed | CVE-2022-43557 was published Jul 6, 2023

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access...
Moderate | Unreviewed | CVE-2023-30675 was published Jul 6, 2023

Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a...
Moderate | Unreviewed | CVE-2023-32620 was published Jun 30, 2023

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated,...
Moderate | Unreviewed | CVE-2023-20199 was published Jun 28, 2023

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in...
Moderate | Unreviewed | CVE-2023-34367 was published Jun 14, 2023

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration...
Moderate | Unreviewed | CVE-2023-2638 was published Jun 13, 2023

Doorkeeper Improper Authentication vulnerability
Moderate | CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023

Synapse has improper checks for deactivated users during login
Moderate | CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023

A vulnerability was found in libssh, where the authentication check of the connecting client can...
Moderate | Unreviewed | CVE-2023-2283 was published May 26, 2023

The online authentication provided by the hwKitAssistant lacks strict identity verification of...
Moderate | Unreviewed | CVE-2023-0117 was published May 26, 2023

Vert.x STOMP server process client frames that would not send initially a connect frame
Moderate | CVE-2023-32081 was published for io.vertx:vertx-stomp (Maven) May 12, 2023

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to...
Moderate | Unreviewed | CVE-2023-28325 was published May 12, 2023

ProTip! Advisories are also available from the GraphQL API