GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
448 advisories
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but...
Moderate | Unreviewed | CVE-2023-0225 was published Apr 4, 2023

Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate | CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate | CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate | CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and...
Moderate | Unreviewed | CVE-2022-4148 was published Mar 20, 2023

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to...
Moderate | Unreviewed | CVE-2023-27084 was published Mar 16, 2023

Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate | CVE-2023-27095 was published for cn.hippo4j:hippo4j-core (Maven) Mar 16, 2023

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Moderate | Unreviewed | CVE-2022-21939 was published Feb 9, 2023

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x...
Moderate | Unreviewed | CVE-2023-22326 was published Feb 1, 2023

Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users...
Moderate | Unreviewed | CVE-2022-37708 was published Feb 1, 2023

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
Moderate | Unreviewed | CVE-2022-48257 was published Jan 13, 2023

EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has...
Moderate | Unreviewed | CVE-2022-39186 was published Jan 12, 2023

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39...
Moderate | Unreviewed | CVE-2022-47927 was published Jan 12, 2023

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
Moderate | Unreviewed | CVE-2022-4630 was published Dec 21, 2022

SilverStripe Subsite weakens file permissions
Moderate | CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper...
Moderate | Unreviewed | CVE-2022-23143 was published Dec 6, 2022

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45301 was published Nov 29, 2022

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45304 was published Nov 29, 2022

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all...
Moderate | Unreviewed | CVE-2022-45306 was published Nov 29, 2022

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45305 was published Nov 29, 2022

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the...
Moderate | Unreviewed | CVE-2022-45307 was published Nov 29, 2022

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master...
Moderate | Unreviewed | CVE-2022-44280 was published Nov 23, 2022

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on...
Moderate | Unreviewed | CVE-2022-38461 was published Nov 18, 2022

Sensitive information disclosure due to insecure folder permissions. The following products are...
Moderate | Unreviewed | CVE-2022-44746 was published Nov 8, 2022

A permissions issue existed. This issue was addressed with improved permission validation. This...
Moderate | Unreviewed | CVE-2022-42788 was published Nov 2, 2022