Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

403 advisories

Loading
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template Moderate
CVE-2024-45037 was published for aws-cdk (npm) Aug 27, 2024
t0bst4r
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access High
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
Alpine allows URL access filter bypass High
CVE-2022-23553 was published for us.springett:alpine (Maven) Aug 5, 2024
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects High
CVE-2022-29946 was published for github.com/nats-io/nats-server/v2 (Go) Jul 11, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
XWiki programming rights may be inherited by inclusion Critical
CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
TYPO3 Broken Access Control in Import Module Moderate
GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database