Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,860 advisories

Loading
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could... Moderate Unreviewed
CVE-2024-31134 was published Mar 28, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows... High Unreviewed
CVE-2023-6400 was published Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an... High Unreviewed
CVE-2024-2915 was published Mar 26, 2024
Broken access control in the component /admin/management/users of School Fees Management System... High Unreviewed
CVE-2023-49982 was published Mar 21, 2024
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28394 was published Mar 20, 2024
Improper authorization in the report management and creation module of BMC Control-M branches 9.0... Moderate Unreviewed
CVE-2024-1604 was published Mar 18, 2024
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as... Moderate Unreviewed
CVE-2024-2557 was published Mar 17, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
Users with `create` but not `override` privileges can perform local sync Moderate
CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
crenshaw-dev
Credited to crenshaw-dev
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed
CVE-2024-25652 was published Mar 14, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
Credited to oscerd
A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The... Moderate Unreviewed
CVE-2023-45793 was published Mar 12, 2024
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only... Moderate Unreviewed
CVE-2024-22133 was published Mar 12, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Critical Unreviewed
CVE-2024-23255 was published Mar 8, 2024
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1,... Low Unreviewed
CVE-2024-23262 was published Mar 8, 2024
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4... Moderate Unreviewed
CVE-2024-23250 was published Mar 8, 2024
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore... Moderate Unreviewed
CVE-2024-28229 was published Mar 7, 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to... High Unreviewed
CVE-2024-0199 was published Mar 7, 2024
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16... Moderate Unreviewed
CVE-2024-1299 was published Mar 7, 2024
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage... Moderate Unreviewed
CVE-2024-28174 was published Mar 6, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass High
CVE-2024-27933 was published for deno (Rust) Mar 6, 2024
leesh3288
Credited to leesh3288
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database