GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
956 advisories
Filter by severity
Supplementary groups are not set up properly in github.com/containerd/containerd
Moderate
CVE-2023-25173
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
Incorrect Authorization in calibreweb
Moderate
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers...
Moderate
Unreviewed
CVE-2024-34642
was published
Sep 4, 2024
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate
Unreviewed
CVE-2024-34652
was published
Sep 4, 2024
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local...
Moderate
Unreviewed
CVE-2024-34650
was published
Sep 4, 2024
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate
Unreviewed
CVE-2024-34651
was published
Sep 4, 2024
An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus,...
Moderate
Unreviewed
CVE-2024-38869
was published
Aug 23, 2024
An improper access control vulnerability exists in GitLab Remote Development affecting all...
Moderate
Unreviewed
CVE-2023-6955
was published
Jan 12, 2024
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not...
Moderate
Unreviewed
CVE-2024-43954
was published
Aug 29, 2024
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
Moderate
CVE-2024-45037
was published
for
aws-cdk
(npm)
Aug 27, 2024
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote...
Moderate
Unreviewed
CVE-2024-31402
was published
Jun 11, 2024
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to...
Moderate
Unreviewed
CVE-2024-7836
was published
Aug 22, 2024
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This...
Moderate
Unreviewed
CVE-2024-7604
was published
Aug 21, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an...
Moderate
Unreviewed
CVE-2024-7711
was published
Aug 20, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2024-6337
was published
Aug 20, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application...
Moderate
Unreviewed
CVE-2024-41941
was published
Aug 13, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
SFTPGo has insufficient access control for password reset
Moderate
CVE-2024-37897
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jun 20, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1)....
Moderate
Unreviewed
CVE-2024-39871
was published
Jul 9, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-34106
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
ZITADEL's actions can overload reserved claims
Moderate
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
Moderate
Unreviewed
CVE-2024-6358
was published
Aug 6, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2024-5817
was published
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API