GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (count by ecosystem):
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories:
All unreviewed: 5,000+
2,242 advisories
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical | Unreviewed | CVE-2024-45489 was published Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical | Unreviewed | CVE-2024-46937 was published Sep 16, 2024
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an...
Low | Unreviewed | CVE-2023-28372 was published Oct 3, 2023
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5...
High | Unreviewed | CVE-2024-24693 was published Mar 13, 2024
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom...
High | Unreviewed | CVE-2023-49647 was published Jan 13, 2024
Improper access control in Zoom Rooms before version 5.15.0 may allow an authenticated user to...
High | Unreviewed | CVE-2023-36538 was published Jul 11, 2023
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local...
High | Unreviewed | CVE-2023-22618 was published Oct 4, 2023
Zoom for MacOS clients prior to 5.14.0 contain an improper access control vulnerability. A...
Moderate | Unreviewed | CVE-2023-28600 was published Jun 13, 2023
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic...
Moderate | Unreviewed | CVE-2024-9003 was published Sep 19, 2024
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A...
High | Unreviewed | CVE-2023-28603 was published Jun 13, 2023
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate | CVE-2024-45811 was published for vite (npm) Sep 17, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
High | Unreviewed | CVE-2024-38016 was published Sep 19, 2024
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or...
Critical | Unreviewed | CVE-2023-5365 was published Oct 9, 2023
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate | CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024
Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this...
Critical | Unreviewed | CVE-2023-44118 was published Oct 11, 2023
Mautic vulnerable to Improper Access Control in UI upgrade process
High | CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax...
Moderate | Unreviewed | CVE-2024-42794 was published Sep 16, 2024
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music...
Moderate | Unreviewed | CVE-2024-42795 was published Sep 16, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in...
Moderate | Unreviewed | CVE-2024-42796 was published Sep 16, 2024
Django Access Restrictions Bypass
Moderate | CVE-2016-2048 was published for django (pip) May 17, 2022
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier...
High | Unreviewed | CVE-2023-5240 was published Oct 13, 2023
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15...
Moderate | Unreviewed | CVE-2024-40825 was published Sep 17, 2024
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive...
Critical | Unreviewed | CVE-2024-39376 was published Jun 27, 2024
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical | Unreviewed | CVE-2023-43119 was published Oct 16, 2023
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High | CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
ProTip! Advisories are also available from the GraphQL API.