GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
619 advisories
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress...
Moderate, Unreviewed. CVE-2023-47191 was published Dec 21, 2023

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions...
High, Unreviewed. CVE-2023-35914 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully...
High, Unreviewed. CVE-2023-35916 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial...
Moderate, Unreviewed. CVE-2023-36520 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square...
High, Unreviewed. CVE-2023-35876 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This...
High, Unreviewed. CVE-2023-37871 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media...
Moderate, Unreviewed. CVE-2023-38513 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments –...
Low, Unreviewed. CVE-2023-46311 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart...
Moderate, Unreviewed. CVE-2023-41796 was published Dec 20, 2023

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object...
High, Unreviewed. CVE-2023-6929 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects...
Moderate, Unreviewed. CVE-2022-43450 was published Dec 20, 2023

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap...
Moderate, Unreviewed. CVE-2023-49812 was published Dec 19, 2023

Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to...
Moderate, Unreviewed. CVE-2023-46701 was published Dec 12, 2023

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference...
High, Unreviewed. CVE-2023-48641 was published Dec 12, 2023

Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical. GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 • withdrawn

Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical. GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 • withdrawn

Duplicate Advisory: Privilege escalation in sap-xssec
Critical. GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 • withdrawn

Escalation of privileges in @sap/xssec
Critical. CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023

Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view...
Moderate, Unreviewed. CVE-2023-6341 was published Nov 30, 2023

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure...
Moderate, Unreviewed. CVE-2023-6226 was published Nov 28, 2023

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that...
High, Unreviewed. CVE-2023-49298 was published Nov 24, 2023

SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a...
Moderate, Unreviewed. CVE-2023-33706 was published Nov 24, 2023

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows...
Moderate, Unreviewed. CVE-2023-47316 was published Nov 22, 2023

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an...
Critical, Unreviewed. CVE-2023-6144 was published Nov 21, 2023

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of...
High, Unreviewed. CVE-2023-38884 was published Nov 20, 2023

ProTip! Advisories are also available from the GraphQL API