GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
226 advisories
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a...
Critical | Unreviewed | CVE-2019-13690 was published Aug 25, 2023

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in...
Critical | Unreviewed | CVE-2023-4404 was published Aug 23, 2023

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable...
Critical | Unreviewed | CVE-2023-38734 was published Aug 23, 2023

An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager...
Critical | Unreviewed | CVE-2021-28411 was published Aug 11, 2023

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user...
Critical | Unreviewed | CVE-2023-3076 was published Jul 10, 2023

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical | Unreviewed | CVE-2023-0635 was published Jul 6, 2023

Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this...
Critical | Unreviewed | CVE-2021-46894 was published Jul 6, 2023

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user...
Critical | Unreviewed | CVE-2023-3460 was published Jul 4, 2023

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in...
Critical | Unreviewed | CVE-2023-32713 was published Jun 1, 2023

An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation...
Critical | Unreviewed | CVE-2023-29734 was published May 30, 2023

Code execution and sensitive information disclosure due to excessive privileges assigned to...
Critical | Unreviewed | CVE-2022-3405 was published May 3, 2023

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges...
Critical | Unreviewed | CVE-2023-1966 was published Apr 28, 2023

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local...
Critical | Unreviewed | CVE-2023-25133 was published Apr 24, 2023

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via...
Critical | Unreviewed | CVE-2023-27830 was published Apr 12, 2023

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges...
Critical | Unreviewed | CVE-2022-45101 was published Feb 1, 2023

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure...
Critical | Unreviewed | CVE-2022-4305 was published Jan 23, 2023

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to...
Critical | Unreviewed | CVE-2022-0668 was published Jan 8, 2023

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that...
Critical | Unreviewed | CVE-2022-27773 was published Dec 6, 2022

An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to...
Critical | Unreviewed | CVE-2022-44929 was published Dec 2, 2022

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation...
Critical | Unreviewed | CVE-2022-37016 was published Dec 1, 2022

The system framework layer has a vulnerability of serialization/deserialization mismatch....
Critical | Unreviewed | CVE-2022-44562 was published Nov 10, 2022

Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.
Critical | Unreviewed | CVE-2022-37968 was published Oct 12, 2022

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9...
Critical | Unreviewed | CVE-2022-36536 was published Sep 17, 2022

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6...
Critical | Unreviewed | CVE-2022-36793 was published Sep 10, 2022

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at...
Critical | Unreviewed | CVE-2022-34858 was published Aug 23, 2022

ProTip! Advisories are also available from the GraphQL API.