GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,037 advisories
Magento Open Source Incorrect Authorization vulnerability (Moderate)
CVE-2024-45125 was published for magento/community-edition (Composer) Oct 10, 2024

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue... (Moderate, Unreviewed)
CVE-2021-39119 was published May 24, 2022

Magento Open Source Improper Authorization vulnerability (Moderate)
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024

Magento Open Source Improper Authorization vulnerability (Moderate)
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024

Evmos allows unvested token delegations (Moderate)
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024

Information disclosure while sending implicit broadcast containing APP launch information. (Moderate, Unreviewed)
CVE-2024-38425 was published Oct 7, 2024

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). ... (Moderate, Unreviewed)
CVE-2024-21262 was published Oct 15, 2024

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows... (Moderate, Unreviewed)
CVE-2023-28714 was published Aug 11, 2023

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a... (Moderate, Unreviewed)
CVE-2024-8691 was published Sep 11, 2024

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to... (Moderate, Unreviewed)
CVE-2020-36289 was published May 24, 2022

OpenCanary Executes Commands From Potentially Writable Config File (Moderate)
CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024

derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module (Moderate)
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024

Plone's authenticated users able to alter their password despite of policy definition (Moderate)
CVE-2013-4198 was published for Plone (pip) May 17, 2022

By holding a reference to the eval() function from an about:blank window, a malicious webpage... (Moderate, Unreviewed)
CVE-2020-15664 was published May 24, 2022

Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy (Moderate)
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022

A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this... (Moderate, Unreviewed)
CVE-2024-10173 was published Oct 20, 2024

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... (Moderate, Unreviewed)
CVE-2024-20482 was published Oct 23, 2024

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause... (Moderate, Unreviewed)
CVE-2024-10295 was published Oct 24, 2024

In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error... (Moderate, Unreviewed)
CVE-2024-47025 was published Oct 25, 2024

Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information... (Moderate, Unreviewed)
CVE-2024-48540 was published Oct 24, 2024

There is a possible Local bypass of user interaction due to an insecure default value. This could... (Moderate, Unreviewed)
CVE-2024-44099 was published Oct 25, 2024

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass... (Moderate, Unreviewed)
CVE-2024-49209 was published Oct 22, 2024

Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass... (Moderate, Unreviewed)
CVE-2024-49208 was published Oct 22, 2024

A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions... (Moderate, Unreviewed)
CVE-2023-4227 was published Aug 24, 2023

Privilege Escalation in Channelmgnt plug-in for Sopel (Moderate)
CVE-2020-15251 was published for sopel-plugins-channelmgnt (pip) Oct 13, 2020