GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
387 advisories
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical. Unreviewed. CVE-2024-5128 was published Jun 6, 2024

Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &...
Critical. Unreviewed. CVE-2024-31682 was published Jun 3, 2024

Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t...
Critical. Unreviewed. CVE-2024-5168 was published May 23, 2024

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update...
Critical. Unreviewed. CVE-2023-52801 was published May 21, 2024

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded...
Critical. Unreviewed. CVE-2024-36080 was published May 19, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS...
Critical. Unreviewed. CVE-2024-27841 was published May 14, 2024

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit,...
Critical. Unreviewed. CVE-2024-31967 was published May 2, 2024

Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and...
Critical. Unreviewed. CVE-2023-49473 was published Apr 30, 2024

Improper Access Control in Gitea
Critical. CVE-2020-28991 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024

Apache HugeGraph-Server: Command execution in gremlin
Critical. CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens...
Critical. Unreviewed. CVE-2024-21071 was published Apr 17, 2024

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit...
Critical. Unreviewed. CVE-2024-24486 was published Apr 15, 2024

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated...
Critical. Unreviewed. CVE-2024-3777 was published Apr 15, 2024

A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL,...
Critical. Unreviewed. CVE-2024-3765 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
Critical. Unreviewed. CVE-2024-29836 was published Apr 15, 2024

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Critical. Unreviewed. CVE-2024-29990 was published Apr 9, 2024

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical. Unreviewed. CVE-2023-1083 was published Apr 9, 2024

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without...
Critical. Unreviewed. CVE-2024-31815 was published Apr 8, 2024

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface...
Critical. Unreviewed. CVE-2024-27602 was published Apr 2, 2024

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
Critical. Unreviewed. CVE-2024-25735 was published Mar 27, 2024

Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control...
Critical. Unreviewed. CVE-2024-29866 was published Mar 21, 2024

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1...
Critical. Unreviewed. CVE-2020-26942 was published Mar 21, 2024

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in...
Critical. Unreviewed. CVE-2021-47155 was published Mar 18, 2024

Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has...
Critical. Unreviewed. CVE-2022-47036 was published Mar 18, 2024

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a...
Critical. Unreviewed. CVE-2024-28390 was published Mar 14, 2024
ProTip! Advisories are also available from the GraphQL API.