Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,242 advisories

Loading
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run... Critical Unreviewed
CVE-2024-45489 was published Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed
CVE-2024-46937 was published Sep 16, 2024
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an... Low Unreviewed
CVE-2023-28372 was published Oct 3, 2023
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5... High Unreviewed
CVE-2024-24693 was published Mar 13, 2024
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom... High Unreviewed
CVE-2023-49647 was published Jan 13, 2024
Improper access control in Zoom Rooms before version 5.15.0 may allow an authenticated user to... High Unreviewed
CVE-2023-36538 was published Jul 11, 2023
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local... High Unreviewed
CVE-2023-22618 was published Oct 4, 2023
Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A... Moderate Unreviewed
CVE-2023-28600 was published Jun 13, 2023
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic... Moderate Unreviewed
CVE-2024-9003 was published Sep 19, 2024
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A... High Unreviewed
CVE-2023-28603 was published Jun 13, 2023
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
adi1
Microsoft Office Visio Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38016 was published Sep 19, 2024
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or... Critical Unreviewed
CVE-2023-5365 was published Oct 9, 2023
Directus vulnerable to SSRF Loopback IP filter bypass Moderate
CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024
r3dpower
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this... Critical Unreviewed
CVE-2023-44118 was published Oct 11, 2023
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax... Moderate Unreviewed
CVE-2024-42794 was published Sep 16, 2024
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music... Moderate Unreviewed
CVE-2024-42795 was published Sep 16, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in... Moderate Unreviewed
CVE-2024-42796 was published Sep 16, 2024
Django Access Restrictions Bypass Moderate
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier... High Unreviewed
CVE-2023-5240 was published Oct 13, 2023
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15... Moderate Unreviewed
CVE-2024-40825 was published Sep 17, 2024
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive... Critical Unreviewed
CVE-2024-39376 was published Jun 27, 2024
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also... Critical Unreviewed
CVE-2023-43119 was published Oct 16, 2023
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
icarocd
ProTip! Advisories are also available from the GraphQL API