GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,337 advisories
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in...
Moderate | Unreviewed | CVE-2024-48936 was published Oct 28, 2024

In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error...
Moderate | Unreviewed | CVE-2024-47025 was published Oct 25, 2024

There is a possible Local bypass of user interaction due to an insecure default value. This could...
Moderate | Unreviewed | CVE-2024-44099 was published Oct 25, 2024

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause...
Moderate | Unreviewed | CVE-2024-10295 was published Oct 24, 2024

Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information...
Moderate | Unreviewed | CVE-2024-48540 was published Oct 24, 2024

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ...
Moderate | Unreviewed | CVE-2024-20482 was published Oct 23, 2024

Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass...
Moderate | Unreviewed | CVE-2024-49209 was published Oct 22, 2024

Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass...
Moderate | Unreviewed | CVE-2024-49208 was published Oct 22, 2024

A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this...
Moderate | Unreviewed | CVE-2024-10173 was published Oct 20, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate | Unreviewed | CVE-2024-20420 was published Oct 16, 2024

Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component:...
Moderate | Unreviewed | CVE-2024-21249 was published Oct 15, 2024

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). ...
Moderate | Unreviewed | CVE-2024-21262 was published Oct 15, 2024

OpenCanary Executes Commands From Potentially Writable Config File
Moderate | CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024

Magento Open Source Improper Authorization vulnerability
Moderate | CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9...
Moderate | Unreviewed | CVE-2024-9623 was published Oct 10, 2024

Magento Open Source Incorrect Authorization vulnerability
Moderate | CVE-2024-45125 was published for magento/community-edition (Composer) Oct 10, 2024

Magento Open Source Improper Authorization vulnerability
Moderate | CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API...
Moderate | Unreviewed | CVE-2024-7048 was published Oct 10, 2024

Information disclosure while sending implicit broadcast containing APP launch information.
Moderate | Unreviewed | CVE-2024-38425 was published Oct 7, 2024

Jenkins item creation restriction bypass vulnerability
Moderate | CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024

Access permission verification vulnerability in the App Multiplier module Impact: Successful...
Moderate | Unreviewed | CVE-2024-9136 was published Sep 27, 2024

Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to...
Moderate | Unreviewed | CVE-2024-9155 was published Sep 26, 2024

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for...
Moderate | Unreviewed | CVE-2024-20510 was published Sep 25, 2024

Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10...
Moderate | Unreviewed | CVE-2024-6512 was published Sep 25, 2024

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as...
Moderate | Unreviewed | CVE-2024-9082 was published Sep 22, 2024

ProTip! Advisories are also available from the GraphQL API.