Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0... High Unreviewed
CVE-2024-38329 was published Jun 19, 2024
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an... High Unreviewed
CVE-2024-2098 was published Jun 13, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos... High Unreviewed
CVE-2024-2698 was published Jun 12, 2024
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2024-27848 was published Jun 10, 2024
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including... High Unreviewed
CVE-2024-5130 was published Jun 6, 2024
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-5324 was published Jun 6, 2024
In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions... High Unreviewed
CVE-2024-36963 was published Jun 3, 2024
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a... High Unreviewed
CVE-2024-27312 was published May 20, 2024
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64... High Unreviewed
CVE-2024-3745 was published May 18, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
An authorization issue was addressed with improved state management. This issue is fixed in macOS... High Unreviewed
CVE-2024-27798 was published May 14, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag High
CVE-2024-34346 was published for deno (Rust) May 8, 2024
mmastrac
In multiple locations, there is a possible notification listener grant to an app running in the... High Unreviewed
CVE-2024-0043 was published May 7, 2024
A vulnerability exists in the web-authentication component of the SDM600. If exploited an... High Unreviewed
CVE-2024-2378 was published Apr 30, 2024
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). ... High Unreviewed
CVE-2024-21083 was published Apr 17, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode High
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-1625 was published Apr 10, 2024
ZITADEL's actions can overload reserved claims High
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn fforootd
adlerhurst livio-a
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows... High Unreviewed
CVE-2023-6400 was published Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database