GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
500 advisories
Filter by severity
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4,...
Moderate
Unreviewed
CVE-2023-5061
was published
Dec 15, 2023
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7...
Moderate
Unreviewed
CVE-2024-0456
was published
Jan 26, 2024
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3,...
Moderate
Unreviewed
CVE-2023-6564
was published
Feb 8, 2024
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions...
Moderate
Unreviewed
CVE-2023-2233
was published
Sep 29, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6...
Moderate
Unreviewed
CVE-2024-0861
was published
Feb 22, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow...
Moderate
Unreviewed
CVE-2024-20414
was published
Sep 25, 2024
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low...
Moderate
Unreviewed
CVE-2024-20441
was published
Oct 2, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,...
High
Unreviewed
CVE-2024-20393
was published
Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-9297
was published
Sep 28, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7...
High
Unreviewed
CVE-2023-37491
was published
Aug 8, 2023
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does...
Moderate
Unreviewed
CVE-2024-21736
was published
Jan 9, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2024-9082
was published
Sep 22, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Moderate
CVE-2023-42453
was published
for
matrix-synapse
(pip)
Sep 26, 2023
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization...
High
Unreviewed
CVE-2024-7015
was published
Sep 9, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions...
High
Unreviewed
CVE-2023-40683
was published
Jan 19, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Low
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows...
High
Unreviewed
CVE-2024-43460
was published
Sep 17, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Moderate
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-39412
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
A vulnerability was found in subscription-manager that allows local privilege escalation due to...
High
Unreviewed
CVE-2023-3899
was published
Aug 23, 2023
ProTip!
Advisories are also available from the
GraphQL API