Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

362 advisories

Loading
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template Moderate
CVE-2024-45037 was published for aws-cdk (npm) Aug 27, 2024
t0bst4r
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints High
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access Moderate
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
Alpine allows URL access filter bypass High
CVE-2022-23553 was published for us.springett:alpine (Maven) Aug 5, 2024
fabedge has insecure permissions High
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects Moderate
CVE-2022-29946 was published for github.com/nats-io/nats-server (Go) Jul 11, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
XWiki programming rights may be inherited by inclusion Critical
CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for org.apache.submarine:submarine-server-core (Maven) Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024
TYPO3 Broken Access Control in Import Module Moderate
GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
ProTip! Advisories are also available from the GraphQL API