Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,042 advisories

Loading
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php... Moderate Unreviewed
CVE-2024-41252 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara... High Unreviewed
CVE-2024-41249 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa... Critical Unreviewed
CVE-2024-41247 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa... High Unreviewed
CVE-2024-41248 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara... Unknown Unreviewed
CVE-2024-41246 was published Aug 7, 2024
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the... High Unreviewed
CVE-2024-41308 was published Aug 7, 2024
Incorrect validation of files loaded from a local untrusted directory may allow local privilege... High Unreviewed
CVE-2024-7553 was published Aug 7, 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which... Critical Unreviewed
CVE-2024-7525 was published Aug 6, 2024
An issue in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote... High Unreviewed
CVE-2024-40531 was published Aug 5, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm High
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) Aug 5, 2024
phvalguima manadart
SimonRichardson hpidcock lucistanescu eslerm
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify... High Unreviewed
CVE-2024-33027 was published Aug 5, 2024
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in... High Unreviewed
CVE-2024-41518 was published Aug 2, 2024
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to... High Unreviewed
CVE-2024-39777 was published Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string Moderate
CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Low
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels Moderate
CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost did not properly restrict channel creation Low
CVE-2024-39837 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel High
CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels High
CVE-2024-36492 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate synced reactions Low
CVE-2024-29977 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions... Moderate Unreviewed
CVE-2024-5331 was published Aug 1, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. Critical Unreviewed
CVE-2024-28805 was published Jul 29, 2024
A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken... Moderate Unreviewed
CVE-2024-6727 was published Jul 29, 2024
ProTip! Advisories are also available from the GraphQL API