Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

387 advisories

Loading
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via... Critical Unreviewed
CVE-2024-42919 was published Aug 20, 2024
An issue in the login component (process_login.php) of Hotel Management System commit 79d688... Critical Unreviewed
CVE-2024-42559 was published Aug 20, 2024
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42967 was published Aug 15, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42966 was published Aug 15, 2024
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network... Critical Unreviewed
CVE-2024-24986 was published Aug 14, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct Critical
CVE-2024-42480 was published for github.com/clastix/kamaji (Go) Aug 12, 2024
SimonKienzler prometherion
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in... Critical Unreviewed
CVE-2024-40480 was published Aug 12, 2024
An improper access control vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3279 was published Aug 12, 2024
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager... Critical Unreviewed
CVE-2024-41912 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa... Critical Unreviewed
CVE-2024-41247 was published Aug 7, 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which... Critical Unreviewed
CVE-2024-7525 was published Aug 6, 2024
Mattermost allows unsolicited invites to expose access to local channels Critical
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel Critical
CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. Critical Unreviewed
CVE-2024-28805 was published Jul 29, 2024
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows... Critical Unreviewed
CVE-2024-40117 was published Jul 26, 2024
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate... Critical Unreviewed
CVE-2024-36535 was published Jul 24, 2024
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and... Critical Unreviewed
CVE-2024-36540 was published Jul 24, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to... Critical Unreviewed
CVE-2024-38164 was published Jul 24, 2024
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed... Critical Unreviewed
CVE-2024-41703 was published Jul 22, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed
CVE-2024-6385 was published Jul 11, 2024
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive... Critical Unreviewed
CVE-2024-39376 was published Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed
CVE-2024-5655 was published Jun 27, 2024
GigaDevice GD32E103C8T6 devices have Incorrect Access Control. Critical Unreviewed
CVE-2024-21741 was published Jun 25, 2024
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An... Critical Unreviewed
CVE-2024-33898 was published Jun 25, 2024
Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112... Critical Unreviewed
CVE-2024-22074 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database