GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,085 advisories
Filter by severity
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Ant Media Server does not properly authorize non-administrative API calls
Moderate
CVE-2024-3462
was published
for
io.antmedia:ant-media-server
(Maven)
May 14, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High
CVE-2024-34346
was published
for
deno
(Rust)
May 8, 2024
Apache Superset Incorrect Authorization vulnerability
Moderate
CVE-2024-28148
was published
for
apache-superset
(pip)
May 7, 2024
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation...
Moderate
Unreviewed
CVE-2023-42124
was published
May 3, 2024
A vulnerability exists in the web-authentication component of the SDM600. If exploited an...
High
Unreviewed
CVE-2024-2378
was published
Apr 30, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16...
Moderate
Unreviewed
CVE-2024-4006
was published
Apr 25, 2024
Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data...
Moderate
Unreviewed
CVE-2023-25043
was published
Apr 17, 2024
OpenFGA Authorization Bypass
High
CVE-2024-31452
was published
for
github.com/openfga/openfga
(Go)
Apr 16, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low
CVE-2024-27086
was published
for
Microsoft.Identity.Client
(NuGet)
Apr 16, 2024
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically...
Critical
Unreviewed
CVE-2024-1738
was published
Apr 16, 2024
Argo CD's API server does not enforce project sourceNamespaces
Moderate
CVE-2024-31990
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Apr 15, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an...
Critical
Unreviewed
CVE-2024-1740
was published
Apr 10, 2024
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary...
High
Unreviewed
CVE-2024-1625
was published
Apr 10, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
ZITADEL's actions can overload reserved claims
Moderate
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could...
Moderate
Unreviewed
CVE-2024-31134
was published
Mar 28, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows...
High
Unreviewed
CVE-2023-6400
was published
Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25421
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Improper authorization in the report management and creation module of BMC Control-M branches 9.0...
Moderate
Unreviewed
CVE-2024-1604
was published
Mar 18, 2024
vantage6's CORS settings overly permissive
Moderate
CVE-2024-23823
was published
for
vantage6
(pip)
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API