Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

325 advisories

Loading
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android... Critical Unreviewed
CVE-2023-4617 was published Dec 19, 2024
Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf... Critical Unreviewed
CVE-2024-54662 was published Dec 17, 2024
A permissions issue was addressed by removing vulnerable code and adding additional checks. This... Critical Unreviewed
CVE-2024-44217 was published Oct 29, 2024
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.... Critical Unreviewed
CVE-2024-11680 was published Nov 26, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Critical Unreviewed
CVE-2024-23255 was published Mar 8, 2024
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value... Critical Unreviewed
CVE-2024-52732 was published Dec 2, 2024
A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS... Critical Unreviewed
CVE-2024-31695 was published Nov 15, 2024
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on... Critical Unreviewed
CVE-2023-31997 was published Jul 1, 2023
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate... Critical Unreviewed
CVE-2023-29381 was published Jul 6, 2023
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows... Critical Unreviewed
CVE-2024-3379 was published Nov 14, 2024
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control,... Critical Unreviewed
CVE-2023-31704 was published Jul 13, 2023
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in... Critical Unreviewed
CVE-2024-42773 was published Aug 22, 2024
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of... Critical Unreviewed
CVE-2024-48176 was published Nov 6, 2024
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController... Critical Unreviewed
CVE-2024-48237 was published Oct 26, 2024
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control.... Critical Unreviewed
CVE-2024-41617 was published Oct 25, 2024
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed
CVE-2017-9855 was published May 13, 2022
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &... Critical Unreviewed
CVE-2024-31682 was published Jun 3, 2024
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28394 was published Mar 20, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding... Critical Unreviewed
CVE-2024-48548 was published Oct 24, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42966 was published Aug 15, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database