GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
237 advisories
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a...
Moderate | Unreviewed | CVE-2024-6384 was published Aug 13, 2024

Jenkins does not perform a permission check in an HTTP endpoint
Moderate | CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified...
Moderate | Unreviewed | CVE-2024-7578 was published Aug 7, 2024

Bostr Improper Authorization vulnerability
Moderate | CVE-2024-41962 was published for bostr (npm) Aug 2, 2024

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported...
Moderate | Unreviewed | CVE-2024-21166 was published Jul 17, 2024

OpenSearch Observability does not properly restrict access to private tenant resources
Moderate | CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024

A command for refining a collection shard key is missing an authorization check. This may cause...
Moderate | Unreviewed | CVE-2024-6375 was published Jul 1, 2024

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do...
Moderate | Unreviewed | CVE-2023-35022 was published Jun 30, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11...
Moderate | Unreviewed | CVE-2024-3959 was published Jun 27, 2024

TYPO3 Broken Access Control in Localization Handling
Moderate | GHSA-772m-43f3-hmf8 was published for typo3/cms (Composer) Jun 7, 2024

Evmos allows unvested token delegations
Moderate | CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024

Information Disclosure in TYPO3 Backend
Moderate | GHSA-vpr3-rc99-2wpr was published for typo3/cms (Composer) Jun 5, 2024

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below,...
Moderate | Unreviewed | CVE-2024-23665 was published Jun 3, 2024

FOSUserBundle User Identity Validation Vulnerability
Moderate | GHSA-8wx3-8m4x-g5h4 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024

Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result...
Moderate | Unreviewed | CVE-2024-31409 was published May 15, 2024

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been...
Moderate | Unreviewed | CVE-2024-4819 was published May 14, 2024

A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application...
Moderate | Unreviewed | CVE-2023-41819 was published May 3, 2024

An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute...
Moderate | Unreviewed | CVE-2024-32359 was published May 2, 2024

Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate | CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024

Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed...
Moderate | Unreviewed | CVE-2024-3840 was published Apr 17, 2024

Azure Migrate Remote Code Execution Vulnerability
Moderate | Unreviewed | CVE-2024-26193 was published Apr 9, 2024

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected...
Moderate | Unreviewed | CVE-2024-3434 was published Apr 8, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Computer...
Moderate | Unreviewed | CVE-2024-3139 was published Apr 2, 2024

A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue...
Moderate | Unreviewed | CVE-2024-3013 was published Mar 28, 2024

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco...
Moderate | Unreviewed | CVE-2024-20333 was published Mar 27, 2024
ProTip! Advisories are also available from the GraphQL API