Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

557 advisories

Loading
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows... Low Unreviewed
CVE-2022-36857 was published Sep 10, 2022
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical... Low Unreviewed
CVE-2022-36876 was published Sep 10, 2022
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1... Moderate Unreviewed
CVE-2022-36848 was published Sep 10, 2022
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local... Low Unreviewed
CVE-2022-36852 was published Sep 10, 2022
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0.... High Unreviewed
CVE-2022-2019 was published Jun 10, 2022
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-12671 was published May 24, 2022
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Publify `guest` role users can self-register even when the admin does not allow it Moderate
CVE-2021-25973 was published for publify_core (RubyGems) Nov 3, 2021
oliverchang
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation High
CVE-2023-1782 was published for github.com/hashicorp/nomad (Go) Apr 5, 2023
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper... Critical Unreviewed
CVE-2023-1256 was published Mar 16, 2023
Moodle may allow students to bypass sequential navigation during a quiz attempt Moderate
CVE-2022-40208 was published for moodle/moodle (Composer) Mar 24, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
A vulnerability was found in kylin-activation and classified as critical. Affected by this issue... High Unreviewed
CVE-2023-1164 was published Mar 3, 2023
Wallabag Improper Authorization vulnerability Moderate
CVE-2023-0734 was published for wallabag/wallabag (Composer) Mar 5, 2023
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,... High Unreviewed
CVE-2023-0822 was published Feb 17, 2023
Pixelfed may allow unauthorized actor to view private posts Moderate
CVE-2023-0914 was published for pixelfed/pixelfed (Composer) Feb 19, 2023
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
wallabag contains Improper Authorization via export feature Moderate
CVE-2023-0609 was published for wallabag/wallabag (Composer) Feb 2, 2023
bAuh0lz
Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. Moderate Unreviewed
CVE-2023-0678 was published Feb 4, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to... Low Unreviewed
CVE-2022-4062 was published Feb 1, 2023
A flaw was found in pki-core, which could allow a user to get a certificate for another user... Moderate Unreviewed
CVE-2022-2393 was published Jul 15, 2022
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to... Moderate Unreviewed
CVE-2019-10159 was published May 24, 2022
Withdrawn: wallabag subject to Improper Authorization Moderate
GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database