Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to... High Unreviewed
CVE-2024-8601 was published Sep 9, 2024
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing... High Unreviewed
CVE-2024-8158 was published Aug 26, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub... High Unreviewed
CVE-2024-3306 was published Sep 12, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its... High Unreviewed
CVE-2024-45786 was published Sep 11, 2024
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2024-8428 was published Sep 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product... High Unreviewed
CVE-2024-42463 was published Aug 16, 2024
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product... High Unreviewed
CVE-2024-42464 was published Aug 16, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe... High Unreviewed
CVE-2024-43315 was published Aug 19, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19... High Unreviewed
CVE-2022-41479 was published Oct 18, 2022
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request... High Unreviewed
CVE-2024-38447 was published Jul 17, 2024
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control... High Unreviewed
CVE-2024-32166 was published Apr 19, 2024
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment... High Unreviewed
CVE-2023-3285 was published Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any... High Unreviewed
CVE-2023-3289 was published Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ... High Unreviewed
CVE-2023-3288 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged... High Unreviewed
CVE-2023-3286 was published Jul 9, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to... High Unreviewed
CVE-2024-24312 was published May 1, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to... High Unreviewed
CVE-2024-33383 was published Apr 30, 2024
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows... High Unreviewed
CVE-2024-28320 was published Apr 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS... High Unreviewed
CVE-2024-1107 was published Jun 27, 2024
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through... High Unreviewed
CVE-2021-36388 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an... High Unreviewed
CVE-2021-36389 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API