Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Moderate Unreviewed
CVE-2023-30562 was published Jul 13, 2023
Controller may be loaded with malicious firmware which could enable remote code execution Critical Unreviewed
CVE-2023-25178 was published Jul 13, 2023
Pipelines do not validate child UIDs Low
CVE-2023-37264 was published for github.com/tektoncd/pipeline (Go) Jul 7, 2023
wlynch
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing... Moderate Unreviewed
CVE-2022-4537 was published Jul 6, 2023
Graylog vulnerable to insecure source port usage for DNS queries Low
CVE-2023-41045 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
Iratxe001 borjam
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be... High Unreviewed
CVE-2022-48431 was published Jul 6, 2023
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow... High Unreviewed
CVE-2022-46370 was published Jul 6, 2023
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is... Critical Unreviewed
CVE-2022-3703 was published Jul 6, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed
CVE-2023-3325 was published Jun 20, 2023
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to... High Unreviewed
CVE-2023-30759 was published Jun 19, 2023
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may... High Unreviewed
CVE-2023-34113 was published Jun 13, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up... Moderate Unreviewed
CVE-2023-2897 was published Jun 9, 2023
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto... High Unreviewed
CVE-2023-2866 was published Jun 7, 2023
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of... Critical Unreviewed
CVE-2023-2987 was published May 31, 2023
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware... Critical Unreviewed
CVE-2023-28386 was published May 22, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation Moderate
CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2023-31502 was published May 12, 2023
In modem, there is a possible missing verification of HashMME value in Security Mode Command.... Moderate Unreviewed
CVE-2022-44420 was published May 9, 2023
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Critical Unreviewed
CVE-2023-28863 was published Apr 18, 2023
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded... Critical Unreviewed
CVE-2023-27748 was published Apr 13, 2023
A man in the middle can redirect traffic to a malicious server in a compromised configuration. High Unreviewed
CVE-2023-26467 was published Apr 11, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27979 was published Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27977 was published Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27982 was published Mar 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database