Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation High
CVE-2024-29194 was published for @oneuptime/common-server (npm) Mar 25, 2024
saunders-jake
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Netmaker IDOR Allows User to Update Other User's Password High
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
DataEase API interface has IDOR vulnerability High
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
lujiefsi
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API