Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,860 advisories

Loading
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5... Moderate Unreviewed
CVE-2024-8116 was published Dec 16, 2024
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6... Low Unreviewed
CVE-2024-10043 was published Dec 12, 2024
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15... Moderate Unreviewed
CVE-2024-54495 was published Dec 12, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An... High Unreviewed
CVE-2024-55579 was published Dec 9, 2024
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate... Moderate Unreviewed
CVE-2024-12247 was published Dec 5, 2024
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and... Moderate Unreviewed
CVE-2024-12148 was published Dec 4, 2024
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier... Moderate Unreviewed
CVE-2024-12196 was published Dec 4, 2024
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance... Moderate Unreviewed
CVE-2023-52944 was published Dec 4, 2024
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance... Moderate Unreviewed
CVE-2023-52943 was published Dec 4, 2024
A vulnerability exists where a low-privileged user can exploit insufficient permissions in... High Unreviewed
CVE-2024-45204 was published Dec 4, 2024
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent... High Unreviewed
CVE-2024-42452 was published Dec 4, 2024
Apache Ozone: Improper authentication when generating S3 secrets High
CVE-2024-45106 was published for org.apache.ozone:ozone (Maven) Dec 3, 2024
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware... High Unreviewed
CVE-2024-53937 was published Dec 3, 2024
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware... High Unreviewed
CVE-2024-53941 was published Dec 3, 2024
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value... Critical Unreviewed
CVE-2024-52732 was published Dec 2, 2024
Withdrawn Advisory: Symfony http-security has authentication bypass Moderate
CVE-2024-36611 was published for symfony/security-http (Composer) Nov 29, 2024 withdrawn
jderusse
Credited to jderusse
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access... High Unreviewed
CVE-2024-48651 was published Nov 29, 2024
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on... High Unreviewed
CVE-2024-54124 was published Nov 29, 2024
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This... High Unreviewed
CVE-2018-9374 was published Nov 28, 2024
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5... Moderate Unreviewed
CVE-2024-11669 was published Nov 26, 2024
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.... Critical Unreviewed
CVE-2024-11680 was published Nov 26, 2024
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with... Moderate Unreviewed
CVE-2024-50671 was published Nov 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database