GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
2,042 advisories
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php...
Moderate | Unreviewed | CVE-2024-41252 was published on Aug 7, 2024

An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara...
High | Unreviewed | CVE-2024-41249 was published on Aug 7, 2024

An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa...
Critical | Unreviewed | CVE-2024-41247 was published on Aug 7, 2024

An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa...
High | Unreviewed | CVE-2024-41248 was published on Aug 7, 2024

An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara...
Unknown | Unreviewed | CVE-2024-41246 was published on Aug 7, 2024

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the...
High | Unreviewed | CVE-2024-41308 was published on Aug 7, 2024

Incorrect validation of files loaded from a local untrusted directory may allow local privilege...
High | Unreviewed | CVE-2024-7553 was published on Aug 7, 2024

It was possible for a web extension with minimal permissions to create a `StreamFilter` which...
Critical | Unreviewed | CVE-2024-7525 was published on Aug 6, 2024

An issue in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote...
High | Unreviewed | CVE-2024-40531 was published on Aug 5, 2024

Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High | GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) on Aug 5, 2024

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify...
High | Unreviewed | CVE-2024-33027 was published on Aug 5, 2024

An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in...
High | Unreviewed | CVE-2024-41518 was published on Aug 2, 2024

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to...
High | Unreviewed | CVE-2024-39777 was published on Aug 1, 2024

Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate | CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low | CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate | CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate | CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost did not properly restrict channel creation
Low | CVE-2024-39837 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
High | CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost failed to disallow the modification of local users when syncing users in shared channels
High | CVE-2024-36492 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

Mattermost failed to properly validate synced reactions
Low | CVE-2024-29977 was published for github.com/mattermost/mattermost/server/v8 (Go) on Aug 1, 2024

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions...
Moderate | Unreviewed | CVE-2024-5331 was published on Aug 1, 2024

Studio 42 elFinder vulnerable to Incorrect Access Control
High | CVE-2024-38909 was published for studio-42/elfinder (Composer) on Jul 30, 2024

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
Critical | Unreviewed | CVE-2024-28805 was published on Jul 29, 2024

A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken...
Moderate | Unreviewed | CVE-2024-6727 was published on Jul 29, 2024

ProTip! Advisories are also available from the GraphQL API.