GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,245 advisories
Filter by severity
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite ...
High
Unreviewed
CVE-2024-21270
was published
Oct 15, 2024
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High
Unreviewed
CVE-2024-21259
was published
Oct 15, 2024
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component:...
Moderate
Unreviewed
CVE-2024-21249
was published
Oct 15, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2024-21260
was published
Oct 15, 2024
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). ...
Moderate
Unreviewed
CVE-2024-21262
was published
Oct 15, 2024
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site...
High
Unreviewed
CVE-2024-21265
was published
Oct 15, 2024
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost...
High
Unreviewed
CVE-2024-21267
was published
Oct 15, 2024
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information...
High
Unreviewed
CVE-2024-48792
was published
Oct 14, 2024
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48786
was published
Oct 11, 2024
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive...
Critical
Unreviewed
CVE-2024-48772
was published
Oct 11, 2024
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48787
was published
Oct 11, 2024
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48784
was published
Oct 11, 2024
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote...
Critical
Unreviewed
CVE-2024-48778
was published
Oct 11, 2024
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48769
was published
Oct 11, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9...
High
Unreviewed
CVE-2024-8970
was published
Oct 11, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9...
Moderate
Unreviewed
CVE-2024-9623
was published
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45131
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-45125
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers...
Critical
Unreviewed
CVE-2024-45160
was published
Oct 9, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
Information disclosure while sending implicit broadcast containing APP launch information.
Moderate
Unreviewed
CVE-2024-38425
was published
Oct 7, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
ProTip!
Advisories are also available from the
GraphQL API