Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,234 advisories

Loading
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application... Moderate Unreviewed
CVE-2024-41941 was published Aug 13, 2024
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy... High Unreviewed
CVE-2024-7266 was published Aug 7, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy... High Unreviewed
CVE-2024-7265 was published Aug 7, 2024
CloudStack account-users by default use username and password based authentication for API and UI... High Unreviewed
CVE-2024-42062 was published Aug 7, 2024
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533... Moderate Unreviewed
CVE-2024-7004 was published Aug 6, 2024
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. Moderate Unreviewed
CVE-2024-6358 was published Aug 6, 2024
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability... Critical Unreviewed
CVE-2024-6202 was published Aug 6, 2024
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve... Critical Unreviewed
CVE-2024-6782 was published Aug 6, 2024
Alpine allows URL access filter bypass High
CVE-2022-23553 was published for us.springett:alpine (Maven) Aug 5, 2024
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through... High Unreviewed
CVE-2024-38856 was published Aug 5, 2024
In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via... Moderate Unreviewed
CVE-2024-4447 was published Jul 26, 2024
In affected versions of Octopus Server under certain conditions, a user with specific role... Low Unreviewed
CVE-2024-4811 was published Jul 25, 2024
fabedge has insecure permissions High
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have... High Unreviewed
CVE-2024-31970 was published Jul 24, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2024-5817 was published Jul 17, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2024-5816 was published Jul 17, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects High
CVE-2022-29946 was published for github.com/nats-io/nats-server/v2 (Go) Jul 11, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning Moderate Unreviewed
CVE-2024-6150 was published Jul 10, 2024
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).... Moderate Unreviewed
CVE-2024-39871 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database