GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
284 advisories
Filter by severity
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2023-51644
was published
Nov 22, 2024
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox...
Critical
Unreviewed
CVE-2023-29121
was published
Nov 5, 2024
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to...
Critical
Unreviewed
CVE-2024-7475
was published
Oct 29, 2024
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability...
Critical
Unreviewed
CVE-2024-7474
was published
Oct 29, 2024
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a...
Critical
Unreviewed
CVE-2023-26770
was published
Oct 4, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4...
Critical
Unreviewed
CVE-2024-42514
was published
Oct 1, 2024
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2024-46627
was published
Sep 26, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in...
Critical
Unreviewed
CVE-2024-42797
was published
Sep 25, 2024
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical
Unreviewed
CVE-2024-45489
was published
Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical
Unreviewed
CVE-2024-46937
was published
Sep 16, 2024
Azure Stack Hub Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-38220
was published
Sep 10, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,...
Critical
Unreviewed
CVE-2024-8584
was published
Sep 9, 2024
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting...
Critical
Unreviewed
CVE-2024-45522
was published
Sep 2, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical
Unreviewed
CVE-2024-45509
was published
Sep 2, 2024
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an...
Critical
Unreviewed
CVE-2024-7954
was published
Aug 23, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management...
Critical
Unreviewed
CVE-2024-40766
was published
Aug 23, 2024
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in...
Critical
Unreviewed
CVE-2024-42775
was published
Aug 22, 2024
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra...
Critical
Unreviewed
CVE-2024-38175
was published
Aug 20, 2024
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via...
Critical
Unreviewed
CVE-2024-42919
was published
Aug 20, 2024
An issue in the login component (process_login.php) of Hotel Management System commit 79d688...
Critical
Unreviewed
CVE-2024-42559
was published
Aug 20, 2024
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42967
was published
Aug 15, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42966
was published
Aug 15, 2024
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network...
Critical
Unreviewed
CVE-2024-24986
was published
Aug 14, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct
Critical
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
ProTip!
Advisories are also available from the
GraphQL API