GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
199 advisories
Filter by severity
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
High
CVE-2024-47876
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 15, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
High
CVE-2023-50780
was published
for
org.apache.activemq:artemis-cli
(Maven)
Oct 14, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Improper Authorization in Select Permissions
High
GHSA-9722-9j67-vjcr
was published
for
surrealdb
(Rust)
Oct 8, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-38129
was published
Oct 8, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,...
High
Unreviewed
CVE-2024-20393
was published
Oct 2, 2024
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows...
High
Unreviewed
CVE-2024-43460
was published
Sep 17, 2024
A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management...
High
Unreviewed
CVE-2024-20381
was published
Sep 11, 2024
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization...
High
Unreviewed
CVE-2024-7015
was published
Sep 9, 2024
A vulnerability was found in Forklift Controller. There is no verification against the...
High
Unreviewed
CVE-2024-8509
was published
Sep 6, 2024
Flowise Authentication Bypass vulnerability
High
CVE-2024-8181
was published
for
flowise
(npm)
Aug 27, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in...
High
Unreviewed
CVE-2024-7624
was published
Aug 15, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in...
High
Unreviewed
CVE-2024-40814
was published
Jul 30, 2024
The issue was addressed with improved restriction of data container access. This issue is fixed...
High
Unreviewed
CVE-2024-40783
was published
Jul 30, 2024
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-30061
was published
Jul 9, 2024
In SAP Commerce, a user can misuse the forgotten
password functionality to gain access to a...
High
Unreviewed
CVE-2024-39597
was published
Jul 9, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0...
High
Unreviewed
CVE-2024-38329
was published
Jun 19, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-34104
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an...
High
Unreviewed
CVE-2024-25949
was published
Jun 12, 2024
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main'...
High
Unreviewed
CVE-2024-4254
was published
Jun 4, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23667
was published
Jun 3, 2024
ProTip!
Advisories are also available from the
GraphQL API