Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2024-27848 was published Jun 10, 2024
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos... High Unreviewed
CVE-2024-2698 was published Jun 12, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an... High Unreviewed
CVE-2024-2098 was published Jun 13, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0... High Unreviewed
CVE-2024-38329 was published Jun 19, 2024
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications,... High Unreviewed
CVE-2024-37002 was published Jun 25, 2024
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to... High Unreviewed
CVE-2024-6323 was published Jun 27, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects High
CVE-2022-29946 was published for github.com/nats-io/nats-server/v2 (Go) Jul 11, 2024
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite ... High Unreviewed
CVE-2024-21149 was published Jul 17, 2024
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have... High Unreviewed
CVE-2024-31970 was published Jul 24, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly... High Unreviewed
CVE-2024-38884 was published Aug 2, 2024
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through... High Unreviewed
CVE-2024-38856 was published Aug 5, 2024
Alpine allows URL access filter bypass High
CVE-2022-23553 was published for us.springett:alpine (Maven) Aug 5, 2024
CloudStack account-users by default use username and password based authentication for API and UI... High Unreviewed
CVE-2024-42062 was published Aug 7, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy... High Unreviewed
CVE-2024-7265 was published Aug 7, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy... High Unreviewed
CVE-2024-7266 was published Aug 7, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application... High Unreviewed
CVE-2024-41939 was published Aug 13, 2024
Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist /... High Unreviewed
CVE-2024-43131 was published Aug 13, 2024
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in... High Unreviewed
CVE-2024-7624 was published Aug 15, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access High
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing... High Unreviewed
CVE-2024-43250 was published Aug 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database