GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,128 advisories
Filter by severity
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3...
Moderate
Unreviewed
CVE-2024-22334
was published
Apr 12, 2024
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows...
Moderate
Unreviewed
CVE-2024-28589
was published
Apr 3, 2024
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions...
Moderate
Unreviewed
CVE-2024-25956
was published
Mar 26, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
High
Unreviewed
CVE-2024-21431
was published
Mar 12, 2024
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform...
Critical
Unreviewed
CVE-2024-21915
was published
Feb 16, 2024
Apache Solr Schema Designer blindly "trusts" all configsets
Low
CVE-2023-50292
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
An incorrect permission assignment for critical resource vulnerability has been reported to...
High
Unreviewed
CVE-2023-47564
was published
Feb 2, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation...
High
Unreviewed
CVE-2020-24681
was published
Feb 2, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write...
High
Unreviewed
CVE-2024-22016
was published
Feb 2, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Spring Cloud Contract vulnerable to local information disclosure
Low
CVE-2024-22236
was published
for
org.springframework.cloud:spring-cloud-contract-shade
(Maven)
Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714
was published
for
silverstripe/framework
(Composer)
Jan 23, 2024
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some...
Moderate
Unreviewed
CVE-2023-38541
was published
Jan 19, 2024
Permission management vulnerability in the multi-screen interaction module. Successful...
High
Unreviewed
CVE-2023-52116
was published
Jan 16, 2024
Vulnerability of permissions being not strictly verified in the WMS module. Successful...
High
Unreviewed
CVE-2023-52107
was published
Jan 16, 2024
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate...
High
Unreviewed
CVE-2023-49257
was published
Jan 12, 2024
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2023-6506
was published
Jan 11, 2024
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due...
Moderate
Unreviewed
CVE-2023-6883
was published
Jan 11, 2024
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2024-21305
was published
Jan 9, 2024
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected...
High
Unreviewed
CVE-2023-44120
was published
Jan 9, 2024
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular...
Moderate
Unreviewed
CVE-2023-41776
was published
Jan 3, 2024
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing...
Moderate
Unreviewed
CVE-2023-7055
was published
Dec 22, 2023
ProTip!
Advisories are also available from the
GraphQL API