GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
229 advisories
Filter by severity
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege...
Critical
Unreviewed
CVE-2024-9479
was published
Nov 20, 2024
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege...
Critical
Unreviewed
CVE-2024-9478
was published
Nov 20, 2024
Windows Hyper-V Elevation of Privilege Vulnerability.
Critical
Unreviewed
CVE-2022-21901
was published
Jan 12, 2022
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data...
Critical
Unreviewed
CVE-2024-8074
was published
Nov 12, 2024
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-9518
was published
Oct 10, 2024
Windows Update Stack Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2021-1694
was published
May 24, 2022
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege...
Critical
Unreviewed
CVE-2024-3057
was published
Oct 8, 2024
According to the researcher: "The TLS connections are encrypted against tampering or...
Critical
Unreviewed
CVE-2024-44097
was published
Oct 2, 2024
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain...
Critical
Unreviewed
CVE-2023-36100
was published
Sep 1, 2023
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in...
Critical
Unreviewed
CVE-2024-9265
was published
Oct 1, 2024
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges...
Critical
Unreviewed
CVE-2023-43457
was published
Sep 25, 2023
A condition exists in FlashArray Purity whereby a malicious user could use a remote...
Critical
Unreviewed
CVE-2024-0003
was published
Sep 23, 2024
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows...
Critical
Unreviewed
CVE-2024-34331
was published
Sep 23, 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-8853
was published
Sep 20, 2024
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical
Unreviewed
CVE-2023-0635
was published
Jul 6, 2023
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this...
Critical
Unreviewed
CVE-2023-44106
was published
Oct 11, 2023
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
Critical
Unreviewed
CVE-2023-44809
was published
Oct 16, 2023
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to...
Critical
Unreviewed
CVE-2024-44893
was published
Sep 10, 2024
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to...
Critical
Unreviewed
CVE-2024-7493
was published
Sep 6, 2024
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older...
Critical
Unreviewed
CVE-2023-39335
was published
Nov 15, 2023
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain...
Critical
Unreviewed
CVE-2023-47132
was published
Feb 9, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative...
Critical
Unreviewed
CVE-2024-36439
was published
Aug 22, 2024
An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0...
Critical
Unreviewed
CVE-2024-33226
was published
May 22, 2024
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could...
Critical
Unreviewed
CVE-2024-33872
was published
Aug 20, 2024
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01...
Critical
Unreviewed
CVE-2023-38944
was published
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API