Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,965
Erlang
29
GitHub Actions
16
Go
1,747
Maven
4,975
npm
3,507
NuGet
609
pip
3,072
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,781 advisories

Loading
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2023-3282 was published Nov 8, 2023
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block Moderate
CVE-2023-47109 was published for prestashop/blockreassurance (Composer) Nov 8, 2023
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages Moderate
CVE-2023-47114 was published for ethyca-fides (pip) Nov 8, 2023
RobertKeyser h0wl
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability... Moderate Unreviewed
CVE-2022-48613 was published Nov 8, 2023
Vulnerability of input parameters being not strictly verified in the input. Successful... Moderate Unreviewed
CVE-2023-46755 was published Nov 8, 2023
Vulnerability of background app permission management in the framework module. Successful... Moderate Unreviewed
CVE-2023-46763 was published Nov 8, 2023
Unauthorized startup vulnerability of background apps. Successful exploitation of this... Moderate Unreviewed
CVE-2023-46764 was published Nov 8, 2023
Permission control vulnerability in the window management module. Successful exploitation of this... Moderate Unreviewed
CVE-2023-46756 was published Nov 8, 2023
Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive... Moderate Unreviewed
CVE-2023-46483 was published Nov 8, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-4061 was published for org.wildfly.core:wildfly-controller (Maven) Nov 8, 2023
Prometheus metrics are available without authentication. These expose detailed and sensitive... Moderate Unreviewed
CVE-2023-6001 was published Nov 8, 2023
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local... Moderate Unreviewed
CVE-2023-46001 was published Nov 8, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name Moderate
CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) Nov 7, 2023
mtheeren-asml prometherion
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross... Moderate Unreviewed
CVE-2023-5982 was published Nov 7, 2023
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing... Moderate Unreviewed
CVE-2023-0898 was published Nov 7, 2023
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything –... Moderate Unreviewed
CVE-2023-28499 was published Nov 7, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. Moderate Unreviewed
CVE-2023-5998 was published Nov 7, 2023
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken... Moderate Unreviewed
CVE-2023-5309 was published Nov 7, 2023
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2023-5819 was published Nov 7, 2023
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... Moderate Unreviewed
CVE-2023-5818 was published Nov 7, 2023
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque... Moderate Unreviewed
CVE-2023-4956 was published Nov 7, 2023
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This... Moderate Unreviewed
CVE-2023-32966 was published Nov 7, 2023
Squidex is an open source headless CMS and content management hub. In affected versions a stored... Moderate Unreviewed
CVE-2023-46744 was published Nov 7, 2023
Microsoft OneNote Spoofing Vulnerability Moderate Unreviewed
CVE-2023-36769 was published Nov 7, 2023
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2023-36409 was published Nov 7, 2023
ProTip! Advisories are also available from the GraphQL API