Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

937 advisories

Loading
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated... High Unreviewed
CVE-2022-47037 was published Mar 18, 2024
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders... High Unreviewed
CVE-2023-36643 was published Apr 4, 2024
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to... High Unreviewed
CVE-2024-24485 was published Apr 15, 2024
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E... High Unreviewed
CVE-2024-21153 was published Jul 17, 2024
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs... High Unreviewed
CVE-2019-20470 was published May 24, 2022
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for... High Unreviewed
CVE-2023-35121 was published Mar 28, 2024
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and... High Unreviewed
CVE-2023-38945 was published Mar 6, 2024
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate... High Unreviewed
CVE-2023-43318 was published Mar 6, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2022-48683 was published Jun 10, 2024
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the... High Unreviewed
CVE-2019-16640 was published Jul 16, 2024
Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and... High Unreviewed
CVE-2024-36537 was published Jul 24, 2024
Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate... High Unreviewed
CVE-2024-36542 was published Jul 25, 2024
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before... High Unreviewed
CVE-2024-28405 was published Mar 29, 2024
In sendIntentSender of ActivityManagerService.java, there is a possible background activity... High Unreviewed
CVE-2024-0025 was published May 7, 2024
Incorrect access control in Customer Support System v1 allows non-administrator users to access... High Unreviewed
CVE-2023-49978 was published Mar 21, 2024
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify... High Unreviewed
CVE-2024-33027 was published Aug 5, 2024
Broken access control in the component /admin/management/users of School Fees Management System... High Unreviewed
CVE-2023-49982 was published Mar 21, 2024
Improper access control vulnerability exists in the specific folder of SKYSEA Client View... High Unreviewed
CVE-2024-21805 was published Mar 12, 2024
An access issue was addressed with improved access restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2024-23238 was published Mar 8, 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can... High Unreviewed
CVE-2024-25736 was published Mar 27, 2024
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an... High Unreviewed
CVE-2024-2915 was published Mar 26, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation High
CVE-2021-36776 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication High
CVE-2021-36775 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Incorrect validation of files loaded from a local untrusted directory may allow local privilege... High Unreviewed
CVE-2024-7553 was published Aug 7, 2024
ProTip! Advisories are also available from the GraphQL API