GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
267 advisories
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21401 was published Feb 13, 2024

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21364 was published Feb 13, 2024

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-29990 was published Apr 9, 2024

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical | Unreviewed | CVE-2023-1083 was published Apr 9, 2024

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due...
Critical | Unreviewed | CVE-2023-46665 was published Oct 26, 2023

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when...
Critical | Unreviewed | CVE-2023-46664 was published Oct 26, 2023

A command execution vulnerability exists in the validate.so diag_ping_start functionality of...
Critical | Unreviewed | CVE-2023-32632 was published Oct 11, 2023

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325...
Critical | Unreviewed | CVE-2023-24479 was published Oct 11, 2023

An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0...
Critical | Unreviewed | CVE-2023-41679 was published Oct 10, 2023

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well...
Critical | Unreviewed | CVE-2023-43696 was published Oct 9, 2023

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change...
Critical | Unreviewed | CVE-2023-5288 was published Sep 29, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical | Unreviewed | CVE-2023-5009 was published Sep 19, 2023

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation...
Critical | Unreviewed | CVE-2023-31242 was published Sep 5, 2023

SAP PowerDesigner - version 16.7, has improper access control which might allow an...
Critical | Unreviewed | CVE-2023-37483 was published Aug 8, 2023

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device...
Critical | Unreviewed | CVE-2023-29130 was published Jul 11, 2023

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller...
Critical | Unreviewed | CVE-2023-24489 was published Jul 11, 2023

Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access...
Critical | Unreviewed | CVE-2023-30765 was published Jul 10, 2023

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and...
Critical | Unreviewed | CVE-2023-1834 was published Jul 6, 2023

A privilege escalation allowing remote code execution was discovered in the orchestration service.
Critical | Unreviewed | CVE-2023-2530 was published Jun 7, 2023

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing...
Critical | Unreviewed | CVE-2021-4380 was published Jun 7, 2023

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and...
Critical | Unreviewed | CVE-2023-31241 was published May 22, 2023

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can...
Critical | Unreviewed | CVE-2023-28808 was published Apr 11, 2023

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16,...
Critical | Unreviewed | CVE-2020-10731 was published May 24, 2022

Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical | Unreviewed | CVE-2019-5644 was published May 24, 2022

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows...
Critical | Unreviewed | CVE-2019-9531 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API