GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
544 advisories
Filter by severity
An authenticated user with API access (e.g.: user with default User role), more specifically a...
High
Unreviewed
CVE-2024-36467
was published
Nov 27, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-10729
was published
Nov 26, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2020-3539
was published
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
Azure CycleCloud Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-43602
was published
Nov 12, 2024
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This...
Moderate
Unreviewed
CVE-2024-10598
was published
Nov 1, 2024
Kyverno's PolicyException objects can be created in any namespace by default
High
CVE-2024-48921
was published
for
github.com/kyverno/kyverno
(Go)
Oct 29, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially...
Moderate
Unreviewed
CVE-2023-38135
was published
Oct 25, 2024
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that...
High
Unreviewed
CVE-2024-9235
was published
Oct 25, 2024
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress...
Moderate
Unreviewed
CVE-2024-9531
was published
Oct 24, 2024
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a...
Moderate
Unreviewed
CVE-2020-36841
was published
Oct 16, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
High
CVE-2024-47876
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 15, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
High
CVE-2023-50780
was published
for
org.apache.activemq:artemis-cli
(Maven)
Oct 14, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API