Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

284 advisories

Loading
An attacker could have abused XSLT error handling to associate attacker-controlled content with... Moderate Unreviewed
CVE-2022-38472 was published Dec 22, 2022
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking... High Unreviewed
CVE-2022-42927 was published Dec 22, 2022
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy Critical
CVE-2017-20146 was published for github.com/gorilla/handlers (Go) Dec 28, 2022
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected... Critical Unreviewed
CVE-2014-125071 was published Jan 9, 2023
Zip4j Origin Validation Error Moderate
CVE-2023-22899 was published for net.lingala.zip4j:zip4j (Maven) Jan 10, 2023
0xSSA
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to... Moderate Unreviewed
CVE-2022-45139 was published Feb 27, 2023
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and... Moderate Unreviewed
CVE-2023-2445 was published May 2, 2023
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated... Moderate Unreviewed
CVE-2023-29868 was published May 2, 2023
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker... Moderate Unreviewed
CVE-2023-29867 was published May 2, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13... Moderate Unreviewed
CVE-2023-27932 was published May 8, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3,... Moderate Unreviewed
CVE-2023-27962 was published May 8, 2023
This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS... High Unreviewed
CVE-2023-27944 was published May 8, 2023
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of... Moderate Unreviewed
CVE-2023-28318 was published May 10, 2023
Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier... High Unreviewed
CVE-2023-23578 was published May 10, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation Moderate
CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via... Moderate Unreviewed
CVE-2023-2886 was published May 25, 2023
Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules... High Unreviewed
CVE-2023-30196 was published May 30, 2023
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated... Moderate Unreviewed
CVE-2023-23561 was published May 30, 2023
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code... High Unreviewed
CVE-2023-33740 was published May 31, 2023
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent... High Unreviewed
CVE-2023-29743 was published May 31, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker... High Unreviewed
CVE-2023-28349 was published May 31, 2023
The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related... Critical Unreviewed
CVE-2023-29728 was published May 31, 2023
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent... High Unreviewed
CVE-2023-29745 was published May 31, 2023
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level... High Unreviewed
CVE-2023-27745 was published Jun 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database