Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

500 advisories

Loading
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4,... Moderate Unreviewed
CVE-2023-5061 was published Dec 15, 2023
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7... Moderate Unreviewed
CVE-2024-0456 was published Jan 26, 2024
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3,... Moderate Unreviewed
CVE-2023-6564 was published Feb 8, 2024
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions... Moderate Unreviewed
CVE-2023-2233 was published Sep 29, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6... Moderate Unreviewed
CVE-2024-0861 was published Feb 22, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow... Moderate Unreviewed
CVE-2024-20414 was published Sep 25, 2024
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low... Moderate Unreviewed
CVE-2024-20441 was published Oct 2, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,... High Unreviewed
CVE-2024-20393 was published Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed
CVE-2024-9297 was published Sep 28, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7... High Unreviewed
CVE-2023-37491 was published Aug 8, 2023
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does... Moderate Unreviewed
CVE-2024-21736 was published Jan 9, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24
Improper Authorization in modoboa Critical
CVE-2023-2227 was published for modoboa (pip) Apr 21, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts Moderate
CVE-2023-42453 was published for matrix-synapse (pip) Sep 26, 2023
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization... High Unreviewed
CVE-2024-7015 was published Sep 9, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions... High Unreviewed
CVE-2023-40683 was published Jan 19, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Low
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows... High Unreviewed
CVE-2024-43460 was published Sep 17, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-39412 was published for magento/community-edition (Composer) Aug 14, 2024
A vulnerability was found in subscription-manager that allows local privilege escalation due to... High Unreviewed
CVE-2023-3899 was published Aug 23, 2023
Improper Authorization in cobbler High
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database