Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

542 advisories

Loading
Improper Authorization in modoboa Critical
CVE-2023-2227 was published for modoboa (pip) Apr 21, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts Moderate
CVE-2023-42453 was published for matrix-synapse (pip) Sep 26, 2023
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization... High Unreviewed
CVE-2024-7015 was published Sep 9, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions... High Unreviewed
CVE-2023-40683 was published Jan 19, 2024
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows... High Unreviewed
CVE-2024-43460 was published Sep 17, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-39412 was published for magento/community-edition (Composer) Aug 14, 2024
A vulnerability was found in subscription-manager that allows local privilege escalation due to... High Unreviewed
CVE-2023-3899 was published Aug 23, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an... Moderate Unreviewed
CVE-2024-6840 was published Sep 12, 2024
A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management... High Unreviewed
CVE-2024-20381 was published Sep 11, 2024
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
Microsoft Outlook for iOS Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-43482 was published Sep 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38231 was published Sep 10, 2024
A vulnerability was found in Forklift Controller.  There is no verification against the... High Unreviewed
CVE-2024-8509 was published Sep 6, 2024
A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote... Moderate Unreviewed
CVE-2024-20497 was published Sep 4, 2024
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in... Moderate Unreviewed
CVE-2024-34463 was published Sep 3, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU... Moderate Unreviewed
CVE-2024-6347 was published Aug 15, 2024
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and... Moderate Unreviewed
CVE-2024-7851 was published Aug 16, 2024
Permission verification vulnerability in the Settings module. Impact: Successful exploitation of... High Unreviewed
CVE-2023-52539 was published Apr 8, 2024
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in... High Unreviewed
CVE-2024-7624 was published Aug 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database