Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

195 advisories

Loading
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue... Critical Unreviewed
CVE-2024-33566 was published Apr 29, 2024
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember:... Critical Unreviewed
CVE-2024-32948 was published Apr 24, 2024
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a... Critical Unreviewed
CVE-2023-49742 was published Apr 18, 2024
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a... Critical Unreviewed
CVE-2024-25912 was published Apr 11, 2024
XWiki Platform remote code execution from account through UIExtension parameters Critical
CVE-2024-31997 was published for org.xwiki.platform:xwiki-platform-uiextension-api (Maven) Apr 10, 2024
XWiki Platform remote code execution from account via custom skins support Critical
CVE-2024-31987 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations Critical
CVE-2024-31983 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) Apr 10, 2024
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass Critical
CVE-2024-31981 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
Missing authorization vulnerability in System webapi component in Synology Surveillance Station... Critical Unreviewed
CVE-2024-29241 was published Mar 28, 2024
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious... Critical Unreviewed
CVE-2023-34063 was published Jan 16, 2024
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress... Critical Unreviewed
CVE-2023-6875 was published Jan 11, 2024
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2023-47458 was published Jan 2, 2024
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for... Critical Unreviewed
CVE-2023-5877 was published Jan 1, 2024
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the... Critical Unreviewed
CVE-2023-50976 was published Dec 18, 2023
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity... Critical Unreviewed
CVE-2023-48417 was published Dec 11, 2023
Ray Missing Authorization vulnerability Critical
CVE-2023-6020 was published for ray (pip) Nov 16, 2023
cpropps-sysdig
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android.... Critical Unreviewed
CVE-2023-36621 was published Nov 3, 2023
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to... Critical Unreviewed
CVE-2023-5533 was published Oct 20, 2023
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN... Critical Unreviewed
CVE-2023-20252 was published Sep 27, 2023
Vulnerability of missing authorization in the kernel module. Successful exploitation of this... Critical Unreviewed
CVE-2023-41296 was published Sep 25, 2023
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel... Critical Unreviewed
CVE-2023-43135 was published Sep 21, 2023
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows... Critical Unreviewed
CVE-2023-43134 was published Sep 20, 2023
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods... Critical Unreviewed
CVE-2023-0923 was published Sep 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database