GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
871 advisories
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate | Unreviewed | CVE-2023-31005 was published Feb 3, 2024

HashiCorp Vault Improper Privilege Management
Moderate | CVE-2020-10660 was published for github.com/hashicorp/vault/vault (Go) Jan 30, 2024

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,...
Moderate | Unreviewed | CVE-2024-0674 was published Jan 30, 2024

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow...
Moderate | Unreviewed | CVE-2023-5080 was published Jan 19, 2024

Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Moderate | CVE-2023-30617 was published for github.com/openkruise/kruise (Go) Jan 5, 2024

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro
Moderate | Unreviewed | CVE-2023-41784 was published Jan 4, 2024

Craft CMS Privilege Escalation
Moderate | CVE-2024-21622 was published for craftcms/cms (Composer) Jan 3, 2024

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI. Attackers with regular...
Moderate | Unreviewed | CVE-2023-41776 was published Jan 3, 2024

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-51430 was published Dec 29, 2023

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-51429 was published Dec 29, 2023

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-23427 was published Dec 29, 2023

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-23438 was published Dec 29, 2023

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-23429 was published Dec 29, 2023

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd...
Moderate | Unreviewed | CVE-2023-7090 was published Dec 24, 2023

Improper privilege management allowed arbitrary workflows to be committed and run using an...
Moderate | Unreviewed | CVE-2023-6804 was published Dec 21, 2023

A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4...
Moderate | Unreviewed | CVE-2023-3907 was published Dec 18, 2023

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed...
Moderate | Unreviewed | CVE-2023-6507 was published Dec 8, 2023

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic...
Moderate | Unreviewed | CVE-2023-48406 was published Dec 8, 2023

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability...
Moderate | Unreviewed | CVE-2023-45083 was published Dec 5, 2023

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series...
Moderate | Unreviewed | CVE-2023-5797 was published Nov 28, 2023

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series...
Moderate | Unreviewed | CVE-2023-37925 was published Nov 28, 2023

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware...
Moderate | Unreviewed | CVE-2023-5650 was published Nov 28, 2023

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX...
Moderate | Unreviewed | CVE-2023-5960 was published Nov 28, 2023

An issue was found with how API keys are created with the Fleet-Server service account. When an...
Moderate | Unreviewed | CVE-2021-37937 was published Nov 22, 2023

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an...
Moderate | Unreviewed | CVE-2023-20274 was published Nov 21, 2023