GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
267 advisories
Filter by severity
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in...
Critical
Unreviewed
CVE-2024-42775
was published
Aug 22, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Critical
Unreviewed
CVE-2023-42945
was published
Feb 21, 2024
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in...
Critical
Unreviewed
CVE-2024-40480
was published
Aug 12, 2024
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra...
Critical
Unreviewed
CVE-2024-38175
was published
Aug 20, 2024
An issue in the login component (process_login.php) of Hotel Management System commit 79d688...
Critical
Unreviewed
CVE-2024-42559
was published
Aug 20, 2024
Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded...
Critical
Unreviewed
CVE-2024-36080
was published
May 19, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42966
was published
Aug 15, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the...
Critical
Unreviewed
CVE-2024-24496
was published
Feb 8, 2024
4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set...
Critical
Unreviewed
CVE-2024-24300
was published
Feb 15, 2024
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network...
Critical
Unreviewed
CVE-2024-24986
was published
Aug 14, 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which...
Critical
Unreviewed
CVE-2024-7525
was published
Aug 6, 2024
An improper access control vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3279
was published
Aug 12, 2024
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa...
Critical
Unreviewed
CVE-2024-41247
was published
Aug 7, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
Critical
Unreviewed
CVE-2024-25735
was published
Mar 27, 2024
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1...
Critical
Unreviewed
CVE-2020-26942
was published
Mar 21, 2024
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control...
Critical
Unreviewed
CVE-2024-29866
was published
Mar 21, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
Critical
Unreviewed
CVE-2024-28805
was published
Jul 29, 2024
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows...
Critical
Unreviewed
CVE-2024-40117
was published
Jul 26, 2024
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and...
Critical
Unreviewed
CVE-2024-36540
was published
Jul 24, 2024
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An...
Critical
Unreviewed
CVE-2024-33898
was published
Jun 25, 2024
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &...
Critical
Unreviewed
CVE-2024-31682
was published
Jun 3, 2024
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not...
Critical
Unreviewed
CVE-2023-49931
was published
Feb 29, 2024
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the...
Critical
Unreviewed
CVE-2022-34270
was published
Feb 29, 2024
ProTip!
Advisories are also available from the
GraphQL API