Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,860 advisories

Loading
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27138 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27139 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user... Moderate Unreviewed
CVE-2023-47716 was published Mar 1, 2024
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of... Moderate Unreviewed
CVE-2024-20291 was published Feb 29, 2024
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Credited to oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Credited to oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Credited to oscerd
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions... Low Unreviewed
CVE-2023-3509 was published Feb 22, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2023-42860 was published Feb 21, 2024
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local... High Unreviewed
CVE-2024-1156 was published Feb 20, 2024
Incorrect permissions in the installation directories for shared SystemLink Elixir based services... High Unreviewed
CVE-2024-1155 was published Feb 20, 2024
Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions Moderate
CVE-2024-25604 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options Moderate
CVE-2024-25149 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Permission control vulnerability in the package management module.Successful exploitation of this... High Unreviewed
CVE-2023-52374 was published Feb 18, 2024
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful... High Unreviewed
CVE-2023-52361 was published Feb 18, 2024
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an... Moderate Unreviewed
CVE-2024-21987 was published Feb 16, 2024
In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a... Moderate Unreviewed
CVE-2024-0017 was published Feb 16, 2024
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed... High Unreviewed
CVE-2024-1482 was published Feb 14, 2024
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role... Moderate Unreviewed
CVE-2024-24966 was published Feb 14, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
Credited to negrel
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Credited to derhansen
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect... Critical Unreviewed
CVE-2023-6036 was published Feb 12, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
Credited to ThisIsMissEm and nivenly-foundation
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Credited to l0n3rs
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database