GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
441 advisories
Filter by severity
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11...
Moderate
Unreviewed
CVE-2024-3959
was published
Jun 27, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0...
High
Unreviewed
CVE-2024-38329
was published
Jun 19, 2024
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an...
High
Unreviewed
CVE-2024-34104
was published
Jun 13, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Low
CVE-2024-5798
was published
for
github.com/hashicorp/vault
(Go)
Jun 12, 2024
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an...
High
Unreviewed
CVE-2024-25949
was published
Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-772m-43f3-hmf8
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Evmos allows unvested token delegations
Moderate
CVE-2024-37154
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
Information Disclosure in TYPO3 Backend
Moderate
GHSA-vpr3-rc99-2wpr
was published
for
typo3/cms
(Composer)
Jun 5, 2024
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main'...
High
Unreviewed
CVE-2024-4254
was published
Jun 4, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23670
was published
Jun 3, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23667
was published
Jun 3, 2024
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below,...
Moderate
Unreviewed
CVE-2024-23665
was published
Jun 3, 2024
FOSUserBundle User Identity Validation Vulnerability
Moderate
GHSA-8wx3-8m4x-g5h4
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
Certain MQTT wildcards are not blocked on the
CyberPower PowerPanel
system, which might result...
Moderate
Unreviewed
CVE-2024-31409
was published
May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users
High
GHSA-p9mp-vq4v-v5m5
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-4819
was published
May 14, 2024
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application...
Moderate
Unreviewed
CVE-2023-41819
was published
May 3, 2024
D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-44410
was published
May 3, 2024
D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-32168
was published
May 3, 2024
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight...
High
Unreviewed
CVE-2023-47166
was published
May 1, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating...
High
Unreviewed
CVE-2023-50363
was published
Apr 26, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
A race condition flaw was found in sssd where the GPO policy is not consistently applied for...
High
Unreviewed
CVE-2023-3758
was published
Apr 18, 2024
ProTip!
Advisories are also available from the
GraphQL API