Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm AlonZa
neersighted
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer) Jan 23, 2024
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some... Moderate Unreviewed
CVE-2023-38541 was published Jan 19, 2024
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2023-6883 was published Jan 11, 2024
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2023-6506 was published Jan 11, 2024
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2024-21305 was published Jan 9, 2024
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular... Moderate Unreviewed
CVE-2023-41776 was published Jan 3, 2024
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing... Moderate Unreviewed
CVE-2023-7055 was published Dec 22, 2023
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak... Moderate Unreviewed
CVE-2023-25648 was published Dec 14, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS... Moderate Unreviewed
CVE-2023-42924 was published Dec 12, 2023
The FACSChorus software database can be accessed directly with the privileges of the currently... Moderate Unreviewed
CVE-2023-29065 was published Nov 28, 2023
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks,... Moderate Unreviewed
CVE-2023-5651 was published Nov 20, 2023
xxl-job-admin vulnerable to Insecure Permissions Moderate
CVE-2023-48087 was published for com.xuxueli:xxl-job-admin (Maven) Nov 15, 2023
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16... Moderate Unreviewed
CVE-2023-39230 was published Nov 14, 2023
Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2... Moderate Unreviewed
CVE-2023-34314 was published Nov 14, 2023
Insecure inherited permissions in the installer for some Intel Server Configuration Utility... Moderate Unreviewed
CVE-2023-34997 was published Nov 14, 2023
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software... Moderate Unreviewed
CVE-2022-41700 was published Nov 14, 2023
Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before... Moderate Unreviewed
CVE-2022-33898 was published Nov 14, 2023
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2... Moderate Unreviewed
CVE-2023-36633 was published Nov 14, 2023
An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security... Moderate Unreviewed
CVE-2023-47801 was published Nov 13, 2023
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in... Moderate Unreviewed
CVE-2023-5136 was published Nov 8, 2023
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2023-3282 was published Nov 8, 2023
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma... Moderate Unreviewed
CVE-2023-42861 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database