GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,041 advisories
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate | Unreviewed | CVE-2024-34652 was published on Sep 4, 2024

Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not...
Moderate | Unreviewed | CVE-2024-43954 was published on Aug 29, 2024

AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
Moderate | CVE-2024-45037 was published for aws-cdk (npm) on Aug 27, 2024

A Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus,...
Moderate | Unreviewed | CVE-2024-38869 was published on Aug 23, 2024

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to...
Moderate | Unreviewed | CVE-2024-7836 was published on Aug 22, 2024

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate | Unreviewed | CVE-2024-20466 was published on Aug 21, 2024

Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This...
Moderate | Unreviewed | CVE-2024-7604 was published on Aug 21, 2024

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2024-6337 was published on Aug 20, 2024

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an...
Moderate | Unreviewed | CVE-2024-7711 was published on Aug 20, 2024

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application...
Moderate | Unreviewed | CVE-2024-41941 was published on Aug 13, 2024

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533...
Moderate | Unreviewed | CVE-2024-7004 was published on Aug 6, 2024

Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
Moderate | Unreviewed | CVE-2024-6358 was published on Aug 6, 2024

In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via...
Moderate | Unreviewed | CVE-2024-4447 was published on Jul 26, 2024

matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate | CVE-2024-40648 was published for matrix-sdk-crypto (Rust) on Jul 18, 2024

Silverstripe Reports are still accessible even when `canView()` returns false
Moderate | CVE-2024-29885 was published for silverstripe/reports (Composer) on Jul 17, 2024

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2024-5816 was published on Jul 17, 2024

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2024-5817 was published on Jul 17, 2024

Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Moderate | CVE-2024-39905 was published for Red-DiscordBot (pip) on Jul 11, 2024

A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning
Moderate | Unreviewed | CVE-2024-6150 was published on Jul 10, 2024

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1)....
Moderate | Unreviewed | CVE-2024-39871 was published on Jul 9, 2024

aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Moderate | CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) on Jul 2, 2024

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information...
Moderate | Unreviewed | CVE-2023-38368 was published on Jun 27, 2024

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating...
Moderate | Unreviewed | CVE-2024-5071 was published on Jun 26, 2024

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of...
Moderate | Unreviewed | CVE-2024-1639 was published on Jun 21, 2024

SFTPGo has insufficient access control for password reset
Moderate | CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) on Jun 20, 2024

ProTip! Advisories are also available from the GraphQL API.