Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

237 advisories

Loading
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a... Moderate Unreviewed
CVE-2024-6384 was published Aug 13, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified... Moderate Unreviewed
CVE-2024-7578 was published Aug 7, 2024
Bostr Improper Authorization vulnerability Moderate
CVE-2024-41962 was published for bostr (npm) Aug 2, 2024
cxplay
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2024-21166 was published Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Moderate
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
A command for refining a collection shard key is missing an authorization check. This may cause... Moderate Unreviewed
CVE-2024-6375 was published Jul 1, 2024
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do... Moderate Unreviewed
CVE-2023-35022 was published Jun 30, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11... Moderate Unreviewed
CVE-2024-3959 was published Jun 27, 2024
TYPO3 Broken Access Control in Localization Handling Moderate
GHSA-772m-43f3-hmf8 was published for typo3/cms (Composer) Jun 7, 2024
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Information Disclosure in TYPO3 Backend Moderate
GHSA-vpr3-rc99-2wpr was published for typo3/cms (Composer) Jun 5, 2024
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below,... Moderate Unreviewed
CVE-2024-23665 was published Jun 3, 2024
FOSUserBundle User Identity Validation Vulnerability Moderate
GHSA-8wx3-8m4x-g5h4 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result... Moderate Unreviewed
CVE-2024-31409 was published May 15, 2024
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been... Moderate Unreviewed
CVE-2024-4819 was published May 14, 2024
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application... Moderate Unreviewed
CVE-2023-41819 was published May 3, 2024
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute... Moderate Unreviewed
CVE-2024-32359 was published May 2, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed... Moderate Unreviewed
CVE-2024-3840 was published Apr 17, 2024
Azure Migrate Remote Code Execution Vulnerability Moderate Unreviewed
CVE-2024-26193 was published Apr 9, 2024
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected... Moderate Unreviewed
CVE-2024-3434 was published Apr 8, 2024
A vulnerability, which was classified as critical, has been found in SourceCodester Computer... Moderate Unreviewed
CVE-2024-3139 was published Apr 2, 2024
A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue... Moderate Unreviewed
CVE-2024-3013 was published Mar 28, 2024
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco... Moderate Unreviewed
CVE-2024-20333 was published Mar 27, 2024
ProTip! Advisories are also available from the GraphQL API