Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

542 advisories

Loading
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38231 was published Sep 10, 2024
Microsoft Outlook for iOS Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-43482 was published Sep 10, 2024
A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management... High Unreviewed
CVE-2024-20381 was published Sep 11, 2024
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an... Moderate Unreviewed
CVE-2024-6840 was published Sep 12, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries High
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows... High Unreviewed
CVE-2024-43460 was published Sep 17, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow... Moderate Unreviewed
CVE-2024-20414 was published Sep 25, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed
CVE-2024-9297 was published Sep 28, 2024
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low... Moderate Unreviewed
CVE-2024-20441 was published Oct 2, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,... High Unreviewed
CVE-2024-20393 was published Oct 2, 2024
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
Information disclosure while sending implicit broadcast containing APP launch information. Moderate Unreviewed
CVE-2024-38425 was published Oct 7, 2024
Windows Kerberos Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38129 was published Oct 8, 2024
Improper Authorization in Select Permissions High
GHSA-9722-9j67-vjcr was published for surrealdb (Rust) Oct 8, 2024
5hanth Xkonti
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans High
CVE-2023-50780 was published for org.apache.activemq:artemis-cli (Maven) Oct 14, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user High
CVE-2024-47876 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 15, 2024
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a... Moderate Unreviewed
CVE-2020-36841 was published Oct 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database