GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,055
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,605
NuGet: 638
pip: 3,208
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,177 advisories
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
High. CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024.

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions...
Moderate, Unreviewed. CVE-2024-5331 was published on Aug 1, 2024.

Studio 42 elFinder vulnerable to Incorrect Access Control
High. CVE-2024-38909 was published for studio-42/elfinder (Composer) on Jul 30, 2024.

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
Critical, Unreviewed. CVE-2024-28805 was published on Jul 29, 2024.

A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken...
Moderate, Unreviewed. CVE-2024-6727 was published on Jul 29, 2024.

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u...
Moderate, Unreviewed. CVE-2024-7154 was published on Jul 28, 2024.

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows...
Critical, Unreviewed. CVE-2024-40117 was published on Jul 26, 2024.

Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate...
High, Unreviewed. CVE-2024-36542 was published on Jul 25, 2024.

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7...
Moderate, Unreviewed. CVE-2024-7057 was published on Jul 25, 2024.

Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and...
High, Unreviewed. CVE-2024-36537 was published on Jul 24, 2024.

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate...
Critical, Unreviewed. CVE-2024-36535 was published on Jul 24, 2024.

Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and...
Critical, Unreviewed. CVE-2024-36540 was published on Jul 24, 2024.

An improper access control vulnerability in GroupMe allows an unauthenticated attacker to...
Critical, Unreviewed. CVE-2024-38164 was published on Jul 24, 2024.

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed...
Critical, Unreviewed. CVE-2024-41703 was published on Jul 22, 2024.

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E...
High, Unreviewed. CVE-2024-21153 was published on Jul 17, 2024.

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). ...
Moderate, Unreviewed. CVE-2024-21169 was published on Jul 17, 2024.

An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the...
High, Unreviewed. CVE-2019-16640 was published on Jul 16, 2024.

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through...
Moderate, Unreviewed. CVE-2024-37386 was published on Jul 15, 2024.

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is...
High, Unreviewed. CVE-2024-6737 was published on Jul 15, 2024.

The thumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing...
Moderate, Unreviewed. CVE-2024-6738 was published on Jul 15, 2024.

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical, Unreviewed. CVE-2024-6385 was published on Jul 11, 2024.

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4...
Low, Unreviewed. CVE-2024-5470 was published on Jul 11, 2024.

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4...
Moderate, Unreviewed. CVE-2024-5257 was published on Jul 11, 2024.

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11...
Low, Unreviewed. CVE-2024-2880 was published on Jul 11, 2024.

BookStack Incorrect Access Control vulnerability
High. CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) on Jul 10, 2024.

ProTip! Advisories are also available from the GraphQL API.