GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,031 advisories
Filter by severity
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
High
CVE-2024-39323
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information...
Moderate
Unreviewed
CVE-2023-38368
was published
Jun 27, 2024
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to...
High
Unreviewed
CVE-2024-6323
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11...
Low
Unreviewed
CVE-2024-4011
was published
Jun 27, 2024
XWiki programming rights may be inherited by inclusion
Critical
CVE-2024-38369
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-include
(Maven)
Jun 24, 2024
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not...
Critical
Unreviewed
CVE-2023-38389
was published
Jun 21, 2024
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of...
Moderate
Unreviewed
CVE-2024-1639
was published
Jun 21, 2024
SFTPGo has insufficient access control for password reset
Moderate
CVE-2024-37897
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jun 20, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0...
High
Unreviewed
CVE-2024-38329
was published
Jun 19, 2024
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss...
Moderate
Unreviewed
CVE-2024-5860
was published
Jun 18, 2024
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect...
Moderate
Unreviewed
CVE-2024-34130
was published
Jun 13, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-34106
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
High
CVE-2024-37300
was published
for
oauthenticator
(pip)
Jun 12, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical...
Moderate
Unreviewed
CVE-2024-0160
was published
Jun 12, 2024
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote...
Moderate
Unreviewed
CVE-2024-31402
was published
Jun 11, 2024
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote...
Moderate
Unreviewed
CVE-2024-31403
was published
Jun 11, 2024
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma...
High
Unreviewed
CVE-2024-27848
was published
Jun 10, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including...
High
Unreviewed
CVE-2024-5130
was published
Jun 6, 2024
The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-5324
was published
Jun 6, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
Moderate
Unreviewed
CVE-2024-23669
was published
Jun 5, 2024
TYPO3 Broken Access Control in Import Module
Moderate
GHSA-g776-759r-pf6x
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Silverstripe SiteTree Creation Permission Vulnerability
High
GHSA-3mm9-2p44-rw39
was published
for
silverstripe/cms
(Composer)
May 22, 2024
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64...
High
Unreviewed
CVE-2024-3745
was published
May 18, 2024
ProTip!
Advisories are also available from the
GraphQL API