GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,965
Erlang: 29
GitHub Actions: 16
Go: 1,747
Maven: 4,975
npm: 3,507
NuGet: 609
pip: 3,072
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
108,781 advisories
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine...
Moderate
Unreviewed
CVE-2023-3282
was published
Nov 8, 2023
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Moderate
CVE-2023-47109
was published
for
prestashop/blockreassurance
(Composer)
Nov 8, 2023
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Moderate
CVE-2023-47114
was published
for
ethyca-fides
(pip)
Nov 8, 2023
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability...
Moderate
Unreviewed
CVE-2022-48613
was published
Nov 8, 2023
Vulnerability of input parameters being not strictly verified in the input. Successful...
Moderate
Unreviewed
CVE-2023-46755
was published
Nov 8, 2023
Vulnerability of background app permission management in the framework module. Successful...
Moderate
Unreviewed
CVE-2023-46763
was published
Nov 8, 2023
Unauthorized startup vulnerability of background apps. Successful exploitation of this...
Moderate
Unreviewed
CVE-2023-46764
was published
Nov 8, 2023
Permission control vulnerability in the window management module. Successful exploitation of this...
Moderate
Unreviewed
CVE-2023-46756
was published
Nov 8, 2023
Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-46483
was published
Nov 8, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-4061
was published
for
org.wildfly.core:wildfly-controller
(Maven)
Nov 8, 2023
Prometheus metrics are available without authentication. These expose detailed and sensitive...
Moderate
Unreviewed
CVE-2023-6001
was published
Nov 8, 2023
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local...
Moderate
Unreviewed
CVE-2023-46001
was published
Nov 8, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Moderate
CVE-2023-46254
was published
for
github.com/projectcapsule/capsule
(Go)
Nov 7, 2023
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross...
Moderate
Unreviewed
CVE-2023-5982
was published
Nov 7, 2023
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing...
Moderate
Unreviewed
CVE-2023-0898
was published
Nov 7, 2023
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything –...
Moderate
Unreviewed
CVE-2023-28499
was published
Nov 7, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Moderate
Unreviewed
CVE-2023-5998
was published
Nov 7, 2023
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken...
Moderate
Unreviewed
CVE-2023-5309
was published
Nov 7, 2023
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
Moderate
Unreviewed
CVE-2023-5819
was published
Nov 7, 2023
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...
Moderate
Unreviewed
CVE-2023-5818
was published
Nov 7, 2023
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque...
Moderate
Unreviewed
CVE-2023-4956
was published
Nov 7, 2023
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS. This...
Moderate
Unreviewed
CVE-2023-32966
was published
Nov 7, 2023
Squidex is an open source headless CMS and content management hub. In affected versions a stored...
Moderate
Unreviewed
CVE-2023-46744
was published
Nov 7, 2023
Microsoft OneNote Spoofing Vulnerability
Moderate
Unreviewed
CVE-2023-36769
was published
Nov 7, 2023
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2023-36409
was published
Nov 7, 2023
ProTip! Advisories are also available from the GraphQL API