Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,086
Maven
5,000+
npm
3,747
NuGet
674
pip
3,436
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

99 advisories

Loading
FOSUserBundle User Identity Validation Vulnerability Moderate
GHSA-8wx3-8m4x-g5h4 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Possible user mocking that bypasses basic authentication Moderate
CVE-2023-48309 was published for next-auth (npm) Nov 20, 2023
securing dastaj
magnunm balazsorban44 ThangHuuVu
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block Moderate
CVE-2023-47109 was published for prestashop/blockreassurance (Composer) Nov 8, 2023
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts Moderate
CVE-2023-42453 was published for matrix-synapse (pip) Sep 26, 2023
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller Moderate
CVE-2023-3574 was published for pimcore/customer-management-framework-bundle (Composer) Jul 10, 2023
aqngoc
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles Moderate
CVE-2023-34460 was published for tauri (Rust) Jun 21, 2023
tillmann-crabnebula chip-crabnebula
Kyverno resource with a deletionTimestamp may allow policy circumvention Moderate
CVE-2023-34091 was published for github.com/kyverno/kyverno (Go) Jun 5, 2023
bburky
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Moodle may allow students to bypass sequential navigation during a quiz attempt Moderate
CVE-2022-40208 was published for moodle/moodle (Composer) Mar 24, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
Wallabag Improper Authorization vulnerability Moderate
CVE-2023-0734 was published for wallabag/wallabag (Composer) Mar 5, 2023
Pixelfed may allow unauthorized actor to view private posts Moderate
CVE-2023-0914 was published for pixelfed/pixelfed (Composer) Feb 19, 2023
wallabag contains Improper Authorization via export feature Moderate
CVE-2023-0609 was published for wallabag/wallabag (Composer) Feb 2, 2023
bAuh0lz
Symfony storing cookie headers in HttpCache Moderate
CVE-2022-24894 was published for symfony/http-kernel (Composer) Feb 1, 2023
nicolas-grekas shyim
Withdrawn: wallabag subject to Improper Authorization via annotations Moderate
GHSA-xrw3-wqph-3fxg was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
Withdrawn: wallabag subject to Improper Authorization Moderate
GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
Froxlor Improper Authorization vulnerability Moderate
CVE-2022-4868 was published for froxlor/froxlor (Composer) Dec 31, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4804 was published for github.com/usememos/memos (Go) Dec 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database