Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

327 advisories

Loading
XWiki programming rights may be inherited by inclusion Critical
CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not... Critical Unreviewed
CVE-2023-38389 was published Jun 21, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
Credited to vincelwt
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3033 was published Jun 6, 2024
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &... Critical Unreviewed
CVE-2024-31682 was published Jun 3, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications... Critical Unreviewed
CVE-2024-21010 was published Apr 17, 2024
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically... Critical Unreviewed
CVE-2024-1738 was published Apr 16, 2024
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an... Critical Unreviewed
CVE-2024-1740 was published Apr 10, 2024
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members... Critical Unreviewed
CVE-2024-1741 was published Apr 10, 2024
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful... Critical Unreviewed
CVE-2023-52538 was published Apr 8, 2024
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28394 was published Mar 20, 2024
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed
CVE-2024-25652 was published Mar 14, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Critical Unreviewed
CVE-2024-23255 was published Mar 8, 2024
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect... Critical Unreviewed
CVE-2023-6036 was published Feb 12, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
Credited to ThisIsMissEm and nivenly-foundation
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
Credited to rmcnamara-snyk
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6... Critical Unreviewed
CVE-2023-5356 was published Jan 12, 2024
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Critical Unreviewed
CVE-2023-24051 was published Dec 5, 2023
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of... Critical Unreviewed
CVE-2023-24052 was published Dec 5, 2023
SAP Business One installation - version 10.0, does not perform proper authentication and... Critical Unreviewed
CVE-2023-31403 was published Nov 14, 2023
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software... Critical Unreviewed
CVE-2023-20048 was published Nov 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database