Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
39
Go
2,951
Maven
5,000+
npm
4,596
NuGet
787
pip
4,304
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
Froxlor vulnerable to business logic errors Low
CVE-2023-4304 was published for froxlor/froxlor (Composer) Aug 11, 2023
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
sabina-talipova bimthebam
maxime-rainville
Credited to sabina-talipova, bimthebam, and maxime-rainville
Mattermost fails to properly show information in the UI, allowing a system admin to modify a... Low Unreviewed
CVE-2023-3587 was published Jul 17, 2023
In music service, there is a missing permission check. This could lead to local information... Low Unreviewed
CVE-2023-33880 was published Jul 12, 2023
In music service, there is a missing permission check. This could lead to local information... Low Unreviewed
CVE-2023-33879 was published Jul 12, 2023
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing... Low Unreviewed
CVE-2023-2434 was published May 31, 2023
In mnld, there is a possible leak of GPS location due to a missing permission check. This could... Low Unreviewed
CVE-2023-20726 was published May 16, 2023
Answer Missing Authorization vulnerability Low
CVE-2023-2590 was published for github.com/answerdev/answer (Go) May 9, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query... Low Unreviewed
CVE-2023-27462 was published Mar 14, 2023
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi... Low Unreviewed
CVE-2023-21450 was published Feb 9, 2023
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted Low
CVE-2023-22489 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Credited to clarkwinkelmann
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF... Low Unreviewed
CVE-2022-4102 was published Jan 10, 2023
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable... Low Unreviewed
CVE-2022-20537 was published Dec 21, 2022
In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY... Low Unreviewed
CVE-2022-20536 was published Dec 21, 2022
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass... Low Unreviewed
CVE-2022-20529 was published Dec 20, 2022
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the... Low Unreviewed
CVE-2022-20533 was published Dec 20, 2022
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for... Low Unreviewed
CVE-2022-20556 was published Dec 20, 2022
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure... Low Unreviewed
CVE-2022-20519 was published Dec 20, 2022
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location... Low Unreviewed
CVE-2022-20240 was published Dec 13, 2022
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the... Low Unreviewed
CVE-2022-42903 was published Nov 18, 2022
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows... Low Unreviewed
CVE-2022-39879 was published Nov 10, 2022
In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the... Low Unreviewed
CVE-2022-20446 was published Nov 9, 2022
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows... Low Unreviewed
CVE-2022-39861 was published Oct 7, 2022
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1... Low Unreviewed
CVE-2022-36856 was published Sep 10, 2022
A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610. It has been classified... Low Unreviewed
CVE-2022-2841 was published Aug 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database