Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,065 advisories

Loading
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects Moderate Unreviewed
CVE-2024-56350 was published Dec 20, 2024
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of... Moderate Unreviewed
CVE-2024-56348 was published Dec 20, 2024
Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This... Moderate Unreviewed
CVE-2024-12831 was published Dec 20, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-12539 was published for org.elasticsearch:elasticsearch (Maven) Dec 17, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5... Moderate Unreviewed
CVE-2024-8116 was published Dec 16, 2024
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5... Moderate Unreviewed
CVE-2024-8650 was published Dec 16, 2024
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15... Moderate Unreviewed
CVE-2024-54495 was published Dec 12, 2024
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate... Moderate Unreviewed
CVE-2024-12247 was published Dec 5, 2024
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier... Moderate Unreviewed
CVE-2024-12196 was published Dec 4, 2024
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and... Moderate Unreviewed
CVE-2024-12148 was published Dec 4, 2024
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance... Moderate Unreviewed
CVE-2023-52944 was published Dec 4, 2024
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance... Moderate Unreviewed
CVE-2023-52943 was published Dec 4, 2024
Withdrawn Advisory: Symfony http-security has authentication bypass Moderate
CVE-2024-36611 was published for symfony/security-http (Composer) Nov 29, 2024 withdrawn
jderusse
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5... Moderate Unreviewed
CVE-2024-11669 was published Nov 26, 2024
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with... Moderate Unreviewed
CVE-2024-50671 was published Nov 25, 2024
Incorrect authorization in the permission validation component of Devolutions Remote Desktop... Moderate Unreviewed
CVE-2024-11670 was published Nov 25, 2024
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager... Moderate Unreviewed
CVE-2024-11672 was published Nov 25, 2024
moodle: IDOR in edit/delete RSS feed Moderate
CVE-2024-48897 was published for moodle/moodle (Composer) Nov 18, 2024
moodle: IDOR when fetching report schedules Moderate
CVE-2024-48901 was published for moodle/moodle (Composer) Nov 18, 2024
baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User... Moderate Unreviewed
CVE-2024-45877 was published Nov 13, 2024
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2... Moderate Unreviewed
CVE-2024-44765 was published Nov 8, 2024
Hashicorp Nomad Incorrect Authorization vulnerability Moderate
CVE-2024-10975 was published for github.com/hashicorp/nomad (Go) Nov 7, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users Moderate
CVE-2024-43438 was published for moodle/moodle (Composer) Nov 7, 2024
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated,... Moderate Unreviewed
CVE-2024-20537 was published Nov 6, 2024
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database