Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

607 advisories

Loading
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Moderate
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Cache driver GetBlob() allows read access to any blob without access control check Moderate
CVE-2024-39897 was published for zotregistry.dev/zot (Go) Jul 9, 2024
bburky
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and... Moderate Unreviewed
CVE-2024-21759 was published Jul 9, 2024
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment... High Unreviewed
CVE-2023-3285 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38055 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed
CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged... Critical Unreviewed
CVE-2023-38049 was published Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed
CVE-2023-3287 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to... Critical Unreviewed
CVE-2023-38053 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... Critical Unreviewed
CVE-2023-38051 was published Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged... Moderate Unreviewed
CVE-2023-3290 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38048 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38050 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38054 was published Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ... High Unreviewed
CVE-2023-3288 was published Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any... High Unreviewed
CVE-2023-3289 was published Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged... High Unreviewed
CVE-2023-3286 was published Jul 9, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
Missing key verification in gost Critical
CVE-2024-39223 was published for github.com/ginuerzh/gost (Go) Jul 3, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify... Moderate Unreviewed
CVE-2024-31898 was published Jun 30, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2024-5942 was published Jun 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS... High Unreviewed
CVE-2024-1107 was published Jun 27, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2024-4874 was published Jun 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database