Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,031 advisories

Loading
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute... High Unreviewed
CVE-2024-22938 was published Jan 30, 2024
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2023-32967 was published Feb 2, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up... Moderate Unreviewed
CVE-2023-6963 was published Feb 6, 2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0... Low Unreviewed
CVE-2024-20828 was published Feb 6, 2024
Mattermost Jira Plugin does not properly check security levels Low
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role... Moderate Unreviewed
CVE-2024-24966 was published Feb 14, 2024
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... High Unreviewed
CVE-2024-1482 was published Feb 14, 2024
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before... Moderate Unreviewed
CVE-2024-25149 was published Feb 20, 2024
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3... Moderate Unreviewed
CVE-2024-25604 was published Feb 20, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27139 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27138 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass High
CVE-2024-27933 was published for deno (Rust) Mar 6, 2024
leesh3288
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage... Moderate Unreviewed
CVE-2024-28174 was published Mar 6, 2024
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16... Moderate Unreviewed
CVE-2024-1299 was published Mar 7, 2024
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore... Moderate Unreviewed
CVE-2024-28229 was published Mar 7, 2024
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only... Moderate Unreviewed
CVE-2024-22133 was published Mar 12, 2024
ProTip! Advisories are also available from the GraphQL API