GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37 advisories
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows...
Moderate | Unreviewed | CVE-2024-48941 was published Oct 10, 2024

A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before...
Moderate | Unreviewed | CVE-2024-46540 was published Sep 30, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment...
Moderate | Unreviewed | CVE-2024-39579 was published Aug 31, 2024

Mage AI incorrectly gives privileges to users with deleted accounts
Moderate | CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate | Unreviewed | CVE-2024-20466 was published Aug 21, 2024

Grafana plugin data sources vulnerable to access control bypass
Moderate | CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management...
Moderate | Unreviewed | CVE-2024-37134 was published Jul 2, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment...
Moderate | Unreviewed | CVE-2024-37132 was published Jul 2, 2024

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker...
Moderate | Unreviewed | CVE-2023-7270 was published Jun 27, 2024

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users...
Moderate | Unreviewed | CVE-2024-0085 was published Jun 14, 2024

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
Moderate | Unreviewed | CVE-2024-27460 was published May 14, 2024

Kubelet Incorrect Privilege Assignment
Moderate | CVE-2019-11245 was published for k8s.io/kubernetes/cmd/kubelet (Go) Apr 24, 2024

An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges...
Moderate | Unreviewed | CVE-2024-31760 was published Apr 17, 2024

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6...
Moderate | Unreviewed | CVE-2023-6477 was published Feb 22, 2024

An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low...
Moderate | Unreviewed | CVE-2024-25083 was published Feb 16, 2024

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be...
Moderate | Unreviewed | CVE-2024-23976 was published Feb 14, 2024

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R...
Moderate | Unreviewed | CVE-2023-6815 was published Feb 13, 2024

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow...
Moderate | Unreviewed | CVE-2023-5080 was published Jan 19, 2024

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper...
Moderate | Unreviewed | CVE-2023-47140 was published Jan 8, 2024

Nomad Search API Leaks Information About CSI Plugins
Moderate | CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023

Nomad ACL Policies without Label are Applied to Unexpected Resources
Moderate | CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023

AWS CDK EKS overly permissive trust policies
Moderate | CVE-2023-35165 was published for @aws-cdk/aws-eks (npm) Jun 19, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15...
Moderate | Unreviewed | CVE-2023-2485 was published Jun 7, 2023

text_helpers uses web link to untrusted target with window.opener access
Moderate | CVE-2020-36624 was published for text_helpers (RubyGems) Dec 22, 2022

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension...
Moderate | Unreviewed | CVE-2022-4613 was published Dec 19, 2022