GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,572
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,986
Maven 5,163
npm 3,703
NuGet 661
pip 3,329
Pub 11
RubyGems 884
Rust 843
Swift 36

Unreviewed advisories

All unreviewed 234,068

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

266 advisories

Filter by severity

Sort by

Least recently updated

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of... Critical Unreviewed

CVE-2024-48176 was published Nov 6, 2024

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController... Critical Unreviewed

CVE-2024-48237 was published Oct 26, 2024

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control.... Critical Unreviewed

CVE-2024-41617 was published Oct 25, 2024

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding... Critical Unreviewed

CVE-2024-48548 was published Oct 24, 2024

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0... Critical Unreviewed

CVE-2024-38002 was published Oct 22, 2024

Improper Authentication vulnerability in Apache Solr Critical

CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024

An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker... Critical Unreviewed

CVE-2024-48784 was published Oct 11, 2024

An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain... Critical Unreviewed

CVE-2024-48787 was published Oct 11, 2024

An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote... Critical Unreviewed

CVE-2024-48778 was published Oct 11, 2024

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker... Critical Unreviewed

CVE-2024-48786 was published Oct 11, 2024

An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive... Critical Unreviewed

CVE-2024-48772 was published Oct 11, 2024

An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain... Critical Unreviewed

CVE-2024-48769 was published Oct 11, 2024

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers... Critical Unreviewed

CVE-2024-45160 was published Oct 9, 2024

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed

CVE-2024-45519 was published Oct 3, 2024

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard... Critical Unreviewed

CVE-2024-6592 was published Sep 25, 2024

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On... Critical Unreviewed

CVE-2024-6593 was published Sep 25, 2024

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows... Critical Unreviewed

CVE-2024-8606 was published Sep 23, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org... Critical Unreviewed

CVE-2024-46918 was published Sep 16, 2024

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed

CVE-2024-45509 was published Sep 2, 2024

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in... Critical Unreviewed

CVE-2024-42773 was published Aug 22, 2024

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed

CVE-2024-42966 was published Aug 15, 2024

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability... Critical Unreviewed

CVE-2024-6202 was published Aug 6, 2024

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve... Critical Unreviewed

CVE-2024-6782 was published Aug 6, 2024

XWiki programming rights may be inherited by inclusion Critical

CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not... Critical Unreviewed

CVE-2023-38389 was published Jun 21, 2024

Previous 1 2 3 4 5 … 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

266 advisories