Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,066 advisories

Loading
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2024-20466 was published Aug 21, 2024
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This... Moderate Unreviewed
CVE-2024-7604 was published Aug 21, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an... Moderate Unreviewed
CVE-2024-7711 was published Aug 20, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2024-6337 was published Aug 20, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application... Moderate Unreviewed
CVE-2024-41941 was published Aug 13, 2024
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533... Moderate Unreviewed
CVE-2024-7004 was published Aug 6, 2024
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. Moderate Unreviewed
CVE-2024-6358 was published Aug 6, 2024
In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via... Moderate Unreviewed
CVE-2024-4447 was published Jul 26, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2024-5817 was published Jul 17, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2024-5816 was published Jul 17, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning Moderate Unreviewed
CVE-2024-6150 was published Jul 10, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).... Moderate Unreviewed
CVE-2024-39871 was published Jul 9, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information... Moderate Unreviewed
CVE-2023-38368 was published Jun 27, 2024
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating... Moderate Unreviewed
CVE-2024-5071 was published Jun 26, 2024
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of... Moderate Unreviewed
CVE-2024-1639 was published Jun 21, 2024
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss... Moderate Unreviewed
CVE-2024-5860 was published Jun 18, 2024
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect... Moderate Unreviewed
CVE-2024-34130 was published Jun 13, 2024
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical... Moderate Unreviewed
CVE-2024-0160 was published Jun 12, 2024
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote... Moderate Unreviewed
CVE-2024-31403 was published Jun 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database