GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
941 advisories
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6...
Moderate | Unreviewed | CVE-2024-45323 was published Sep 10, 2024
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All...
Moderate | Unreviewed | CVE-2024-37993 was published Sep 10, 2024
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All...
Moderate | Unreviewed | CVE-2024-21483 was published Mar 12, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control...
Moderate | Unreviewed | CVE-2024-39580 was published Sep 10, 2024
A vulnerability has been identified in Node.js version 20, affecting users of the experimental...
Moderate | Unreviewed | CVE-2023-30582 was published Sep 7, 2024
Incorrect Authorization in calibreweb
Moderate | CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of...
Moderate | Unreviewed | CVE-2024-28216 was published Mar 7, 2024
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser...
Moderate | Unreviewed | CVE-2023-25632 was published Nov 27, 2023
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate | CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android....
Moderate | Unreviewed | CVE-2023-36620 was published Nov 3, 2023
Vulnerability of input parameters being not strictly verified in the input. Successful...
Moderate | Unreviewed | CVE-2023-46755 was published Nov 8, 2023
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in...
Moderate | Unreviewed | CVE-2023-41570 was published Nov 15, 2023
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows...
Moderate | Unreviewed | CVE-2023-43901 was published Nov 14, 2023
An improper access control vulnerability exists in GitLab Remote Development affecting all...
Moderate | Unreviewed | CVE-2023-6955 was published Jan 12, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate | CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to...
Moderate | Unreviewed | CVE-2024-0032 was published Feb 16, 2024
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows...
Moderate | Unreviewed | CVE-2024-25653 was published Mar 14, 2024
An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an...
Moderate | Unreviewed | CVE-2024-44915 was published Aug 28, 2024
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an...
Moderate | Unreviewed | CVE-2024-44913 was published Aug 28, 2024
An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an...
Moderate | Unreviewed | CVE-2024-44914 was published Aug 28, 2024
A vulnerability in the restricted security domain implementation of Cisco Application Policy...
Moderate | Unreviewed | CVE-2024-20279 was published Aug 28, 2024
Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability....
Moderate | Unreviewed | CVE-2024-26310 was published Feb 21, 2024
A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode...
Moderate | Unreviewed | CVE-2024-8216 was published Aug 27, 2024
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a...
Moderate | Unreviewed | CVE-2024-5814 was published Aug 27, 2024
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via ...
Moderate | Unreviewed | CVE-2024-42766 was published Aug 23, 2024
ProTip! Advisories are also available from the GraphQL API