GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Duplicate Advisory: Privilege escalation in sap-xssec
Critical
GHSA-p99h-pfg6-qrfg
was published
for
sap-xssec
(pip)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an...
Critical
Unreviewed
CVE-2023-6144
was published
Nov 21, 2023
Lost and Found Information System 1.0 allows account takeover via username and password to a ...
Critical
Unreviewed
CVE-2023-38965
was published
Nov 3, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows...
Critical
Unreviewed
CVE-2023-2958
was published
Jul 17, 2023
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is...
Critical
Unreviewed
CVE-2023-2276
was published
Jul 6, 2023
EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization...
Critical
Unreviewed
CVE-2023-31182
was published
Jul 6, 2023
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers...
Critical
Unreviewed
CVE-2023-37242
was published
Jul 6, 2023
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows...
Critical
Unreviewed
CVE-2023-3048
was published
Jun 13, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR...
Critical
Unreviewed
CVE-2022-36247
was published
May 30, 2023
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by...
Critical
Unreviewed
CVE-2023-2713
was published
May 20, 2023
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure...
Critical
Unreviewed
CVE-2023-0558
was published
Jan 28, 2023
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Critical
CVE-2022-4686
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A...
Critical
Unreviewed
CVE-2021-4226
was published
Dec 15, 2022
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change...
Critical
Unreviewed
CVE-2022-38789
was published
Sep 16, 2022
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ...
Critical
Unreviewed
CVE-2022-30495
was published
May 27, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is...
Critical
Unreviewed
CVE-2021-41301
was published
May 24, 2022
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An...
Critical
Unreviewed
CVE-2021-37184
was published
May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical
Unreviewed
CVE-2020-16088
was published
May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated...
Critical
Unreviewed
CVE-2019-17574
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass...
Critical
Unreviewed
CVE-2019-13360
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API