GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
937 advisories
BookStack Incorrect Access Control vulnerability
High | CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High | Unreviewed | CVE-2022-47037 was published Mar 18, 2024

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders...
High | Unreviewed | CVE-2023-36643 was published Apr 4, 2024

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to...
High | Unreviewed | CVE-2024-24485 was published Apr 15, 2024

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E...
High | Unreviewed | CVE-2024-21153 was published Jul 17, 2024

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs...
High | Unreviewed | CVE-2019-20470 was published May 24, 2022

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for...
High | Unreviewed | CVE-2023-35121 was published Mar 28, 2024

Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and...
High | Unreviewed | CVE-2023-38945 was published Mar 6, 2024

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate...
High | Unreviewed | CVE-2023-43318 was published Mar 6, 2024

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS...
High | Unreviewed | CVE-2022-48683 was published Jun 10, 2024

An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the...
High | Unreviewed | CVE-2019-16640 was published Jul 16, 2024

Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and...
High | Unreviewed | CVE-2024-36537 was published Jul 24, 2024

Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate...
High | Unreviewed | CVE-2024-36542 was published Jul 25, 2024

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before...
High | Unreviewed | CVE-2024-28405 was published Mar 29, 2024

In sendIntentSender of ActivityManagerService.java, there is a possible background activity...
High | Unreviewed | CVE-2024-0025 was published May 7, 2024

Incorrect access control in Customer Support System v1 allows non-administrator users to access...
High | Unreviewed | CVE-2023-49978 was published Mar 21, 2024

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify...
High | Unreviewed | CVE-2024-33027 was published Aug 5, 2024

Broken access control in the component /admin/management/users of School Fees Management System...
High | Unreviewed | CVE-2023-49982 was published Mar 21, 2024

Improper access control vulnerability exists in the specific folder of SKYSEA Client View...
High | Unreviewed | CVE-2024-21805 was published Mar 12, 2024

An access issue was addressed with improved access restrictions. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-23238 was published Mar 8, 2024

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
High | Unreviewed | CVE-2024-25736 was published Mar 27, 2024

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an...
High | Unreviewed | CVE-2024-2915 was published Mar 26, 2024

Rancher's Steve API Component Improper authorization check allows privilege escalation
High | CVE-2021-36776 was published for github.com/rancher/rancher (Go) Apr 24, 2024

Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High | CVE-2021-36775 was published for github.com/rancher/rancher (Go) Apr 24, 2024

Incorrect validation of files loaded from a local untrusted directory may allow local privilege...
High | Unreviewed | CVE-2024-7553 was published Aug 7, 2024

ProTip! Advisories are also available from the GraphQL API.