GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
667 advisories
Filter by severity
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to...
High
Unreviewed
CVE-2024-0199
was published
Mar 7, 2024
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
High
Unreviewed
CVE-2024-1482
was published
Feb 14, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an...
High
Unreviewed
CVE-2023-47142
was published
Feb 2, 2024
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute...
High
Unreviewed
CVE-2024-22938
was published
Jan 30, 2024
Authorization vulnerability in the BootLoader module. Successful exploitation of this...
High
Unreviewed
CVE-2023-52111
was published
Jan 16, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6...
High
Unreviewed
CVE-2023-4812
was published
Jan 12, 2024
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107,...
High
Unreviewed
CVE-2024-21735
was published
Jan 9, 2024
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints...
High
Unreviewed
CVE-2023-5644
was published
Dec 26, 2023
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million...
High
Unreviewed
CVE-2023-49949
was published
Dec 26, 2023
The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a...
High
Unreviewed
CVE-2023-41314
was published
Dec 22, 2023
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an...
High
Unreviewed
CVE-2023-45185
was published
Dec 14, 2023
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a...
High
Unreviewed
CVE-2023-6542
was published
Dec 12, 2023
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2...
High
Unreviewed
CVE-2023-36646
was published
Dec 12, 2023
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect...
High
Unreviewed
CVE-2023-48859
was published
Dec 6, 2023
Unauthorized access vulnerability in the card management module. Successful exploitation of this...
High
Unreviewed
CVE-2023-49239
was published
Dec 6, 2023
Unauthorized access vulnerability in the launcher module. Successful exploitation of this...
High
Unreviewed
CVE-2023-49240
was published
Dec 6, 2023
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics...
High
Unreviewed
CVE-2023-33071
was published
Dec 5, 2023
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
High
Unreviewed
CVE-2023-49947
was published
Dec 3, 2023
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain...
High
Unreviewed
CVE-2023-42006
was published
Dec 1, 2023
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 -...
High
Unreviewed
CVE-2022-40681
was published
Nov 14, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2...
High
Unreviewed
CVE-2023-4379
was published
Nov 9, 2023
An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser...
High
Unreviewed
CVE-2023-45899
was published
Oct 31, 2023
In Sim, there is a possible way to evade mobile preference restrictions due to a permission...
High
Unreviewed
CVE-2023-21390
was published
Oct 30, 2023
The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect...
High
Unreviewed
CVE-2020-36714
was published
Oct 20, 2023
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of...
High
Unreviewed
CVE-2021-4334
was published
Oct 20, 2023
ProTip!
Advisories are also available from the
GraphQL API