GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
228 advisories
Filter by severity
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android...
Critical
Unreviewed
CVE-2023-4617
was published
Dec 19, 2024
Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf...
Critical
Unreviewed
CVE-2024-54662
was published
Dec 17, 2024
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value...
Critical
Unreviewed
CVE-2024-52732
was published
Dec 2, 2024
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical
Unreviewed
CVE-2024-11680
was published
Nov 26, 2024
A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS...
Critical
Unreviewed
CVE-2024-31695
was published
Nov 15, 2024
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows...
Critical
Unreviewed
CVE-2024-3379
was published
Nov 14, 2024
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of...
Critical
Unreviewed
CVE-2024-48176
was published
Nov 6, 2024
A permissions issue was addressed by removing vulnerable code and adding additional checks. This...
Critical
Unreviewed
CVE-2024-44217
was published
Oct 29, 2024
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController...
Critical
Unreviewed
CVE-2024-48237
was published
Oct 26, 2024
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control....
Critical
Unreviewed
CVE-2024-41617
was published
Oct 25, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding...
Critical
Unreviewed
CVE-2024-48548
was published
Oct 24, 2024
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0...
Critical
Unreviewed
CVE-2024-38002
was published
Oct 22, 2024
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive...
Critical
Unreviewed
CVE-2024-48772
was published
Oct 11, 2024
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48784
was published
Oct 11, 2024
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote...
Critical
Unreviewed
CVE-2024-48778
was published
Oct 11, 2024
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48787
was published
Oct 11, 2024
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48786
was published
Oct 11, 2024
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48769
was published
Oct 11, 2024
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers...
Critical
Unreviewed
CVE-2024-45160
was published
Oct 9, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard...
Critical
Unreviewed
CVE-2024-6592
was published
Sep 25, 2024
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On...
Critical
Unreviewed
CVE-2024-6593
was published
Sep 25, 2024
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows...
Critical
Unreviewed
CVE-2024-8606
was published
Sep 23, 2024
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical
Unreviewed
CVE-2024-46918
was published
Sep 16, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical
Unreviewed
CVE-2024-45509
was published
Sep 2, 2024
ProTip!
Advisories are also available from the
GraphQL API