GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,340
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,549
Pub: 12
RubyGems: 1,012
Rust: 1,202
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
26 advisories
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer...
Low
Unreviewed
CVE-2026-4958
was published
Mar 27, 2026
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the...
Low
Unreviewed
CVE-2026-4549
was published
Mar 22, 2026
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an...
Low
Unreviewed
CVE-2026-3237
was published
Mar 17, 2026
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability...
Low
Unreviewed
CVE-2026-2974
was published
Feb 23, 2026
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and...
Low
Unreviewed
CVE-2026-20656
was published
Feb 12, 2026
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized...
Low
Unreviewed
CVE-2025-12958
was published
Jan 7, 2026
A vulnerability was identified in fushengqian fuint up to...
Low
Unreviewed
CVE-2025-12623
was published
Nov 3, 2025
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address...
Low
Unreviewed
CVE-2025-11244
was published
Oct 25, 2025
Access permission verification vulnerability in the Notepad module
Impact: Successful...
Low
Unreviewed
CVE-2024-42036
was published
Aug 8, 2024
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of...
Low
Unreviewed
CVE-2025-4654
was published
Jul 2, 2025
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and...
Low
Unreviewed
CVE-2017-0895
was published
May 13, 2022
Improper authorization in application password policy in Devolutions Remote Desktop Manager on...
Low
Unreviewed
CVE-2025-2528
was published
Mar 26, 2025
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could...
Low
Unreviewed
CVE-2020-9081
was published
Dec 27, 2024
An attacker with local access to the machine could record the traffic, which could allow them...
Low
Unreviewed
CVE-2023-24476
was published
Jun 8, 2023
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
Low
Unreviewed
CVE-2018-20927
was published
May 24, 2022
The Gotham video-application-server service contained a race condition which would cause it to...
Low
Unreviewed
CVE-2023-30954
was published
Nov 15, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following...
Low
Unreviewed
CVE-2023-44154
was published
Sep 27, 2023
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access...
Low
Unreviewed
CVE-2022-33705
was published
Jul 13, 2022
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain...
Low
Unreviewed
CVE-2022-30757
was published
Jul 13, 2022
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to...
Low
Unreviewed
CVE-2022-22272
was published
Jan 11, 2022
Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows...
Low
Unreviewed
CVE-2022-39879
was published
Nov 10, 2022
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows...
Low
Unreviewed
CVE-2022-36857
was published
Sep 10, 2022
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local...
Low
Unreviewed
CVE-2022-36852
was published
Sep 10, 2022
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical...
Low
Unreviewed
CVE-2022-36876
was published
Sep 10, 2022
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to...
Low
Unreviewed
CVE-2022-4062
was published
Feb 1, 2023