Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,859 advisories

Loading
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-45125 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API... Moderate Unreviewed
CVE-2024-7048 was published Oct 10, 2024
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers... Critical Unreviewed
CVE-2024-45160 was published Oct 9, 2024
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader jpmschuler
Credited to ohader and jpmschuler
Information disclosure while sending implicit broadcast containing APP launch information. Moderate Unreviewed
CVE-2024-38425 was published Oct 7, 2024
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
Credited to mstniy and mtrezza
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If... High Unreviewed
CVE-2024-47560 was published Oct 1, 2024
Access permission verification vulnerability in the App Multiplier module Impact: Successful... Moderate Unreviewed
CVE-2024-9136 was published Sep 27, 2024
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3... Low Unreviewed
CVE-2024-8974 was published Sep 27, 2024
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to... Moderate Unreviewed
CVE-2024-9155 was published Sep 26, 2024
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows... High Unreviewed
CVE-2024-7108 was published Sep 26, 2024
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for... Moderate Unreviewed
CVE-2024-20510 was published Sep 25, 2024
BTS is affected by information disclosure vulnerability where mobile network operator personnel... Low Unreviewed
CVE-2023-25189 was published Sep 25, 2024
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10... Moderate Unreviewed
CVE-2024-6512 was published Sep 25, 2024
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard... Critical Unreviewed
CVE-2024-6592 was published Sep 25, 2024
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On... Critical Unreviewed
CVE-2024-6593 was published Sep 25, 2024
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows... Critical Unreviewed
CVE-2024-8606 was published Sep 23, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate... Moderate Unreviewed
CVE-2024-47160 was published Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database