Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Oqtane Framework Insecure Direct Object Reference vulnerability Low
CVE-2024-55186 was published for Oqtane.Client (NuGet) Dec 20, 2024
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in... Low Unreviewed
CVE-2024-9654 was published Dec 17, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6... Low Unreviewed
CVE-2024-10043 was published Dec 12, 2024
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail... Low Unreviewed
CVE-2024-42000 was published Nov 9, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API Low
CVE-2024-48925 was published for Umbraco.CMS (NuGet) Oct 22, 2024
thanhlam-attt
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader jpmschuler
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3... Low Unreviewed
CVE-2024-8974 was published Sep 27, 2024
BTS is affected by information disclosure vulnerability where mobile network operator personnel... Low Unreviewed
CVE-2023-25189 was published Sep 25, 2024
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to... Low Unreviewed
CVE-2024-44114 was published Sep 10, 2024
Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect... Low Unreviewed
CVE-2024-43944 was published Aug 29, 2024
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within... Low Unreviewed
CVE-2024-8011 was published Aug 25, 2024
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD... Low Unreviewed
CVE-2021-26387 was published Aug 13, 2024
In affected versions of Octopus Server under certain conditions, a user with specific role... Low Unreviewed
CVE-2024-4811 was published Jul 25, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11... Low Unreviewed
CVE-2024-4011 was published Jun 27, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service Low
CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024
localden bgavrilMS
gladjohn pmaytak jmprieur christothes ntc-swiss-team
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1,... Low Unreviewed
CVE-2024-23262 was published Mar 8, 2024
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions... Low Unreviewed
CVE-2023-3509 was published Feb 22, 2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0... Low Unreviewed
CVE-2024-20828 was published Feb 6, 2024
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... Low Unreviewed
CVE-2023-51380 was published Dec 21, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4... Low Unreviewed
CVE-2023-3511 was published Dec 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database