GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R...
Moderate
Unreviewed
CVE-2023-6815
was published
Feb 13, 2024
: Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows...
High
Unreviewed
CVE-2024-49608
was published
Oct 20, 2024
Vault Community Edition privilege escalation vulnerability
High
CVE-2024-9180
was published
for
github.com/hashicorp/vault
(Go)
Oct 10, 2024
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in...
Critical
Unreviewed
CVE-2024-49217
was published
Oct 17, 2024
Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation...
High
Unreviewed
CVE-2024-49219
was published
Oct 17, 2024
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress...
Critical
Unreviewed
CVE-2024-49322
was published
Oct 17, 2024
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-9863
was published
Oct 17, 2024
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for...
High
Unreviewed
CVE-2024-47653
was published
Oct 4, 2024
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to...
High
Unreviewed
CVE-2023-30691
was published
Aug 10, 2023
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows...
Moderate
Unreviewed
CVE-2024-48941
was published
Oct 10, 2024
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows...
High
Unreviewed
CVE-2023-30680
was published
Aug 10, 2023
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an...
High
Unreviewed
CVE-2024-9519
was published
Oct 10, 2024
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into...
High
Unreviewed
CVE-2023-21269
was published
Aug 14, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6...
Moderate
Unreviewed
CVE-2023-6477
was published
Feb 22, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15...
Moderate
Unreviewed
CVE-2023-2485
was published
Jun 7, 2023
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low...
Critical
Unreviewed
CVE-2024-25660
was published
Oct 1, 2024
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before...
Moderate
Unreviewed
CVE-2024-46540
was published
Sep 30, 2024
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High
CVE-2023-5077
was published
for
github.com/hashicorp/vault
(Go)
Sep 29, 2023
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper...
Moderate
Unreviewed
CVE-2023-47140
was published
Jan 8, 2024
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to...
High
Unreviewed
CVE-2023-28956
was published
Jun 22, 2023
Nomad Search API Leaks Information About CSI Plugins
Moderate
CVE-2023-3300
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources
Moderate
CVE-2023-3072
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
High
CVE-2023-2816
was published
for
github.com/hashicorp/consul
(Go)
Jun 3, 2023
Incorrect Privilege Assignment in Jinja2
High
CVE-2014-1402
was published
for
Jinja2
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API