GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
937 advisories
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2024-21114 was published Apr 17, 2024
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager...
High | Unreviewed | CVE-2024-21067 was published Apr 17, 2024
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2024-21110 was published Apr 17, 2024
Authlib has algorithm confusion with asymmetric public keys
High | CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.
High | Unreviewed | CVE-2024-27497 was published Mar 1, 2024
code-projects Agro-School Management System 1.0 suffers from Incorrect Access Control.
High | Unreviewed | CVE-2024-25251 was published Feb 22, 2024
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload...
High | Unreviewed | CVE-2024-24386 was published Feb 15, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High | CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Improper Access Controls allows backend users to overwrite their username when disallowed.
High | Unreviewed | CVE-2024-27187 was published Aug 20, 2024
The mobile application (com.transsion.videocallenhancer) interface has improper permission...
High | Unreviewed | CVE-2024-4988 was published May 21, 2024
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to...
High | Unreviewed | CVE-2024-0036 was published Feb 16, 2024
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access...
High | Unreviewed | CVE-2024-33673 was published Apr 26, 2024
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel...
High | Unreviewed | CVE-2024-42772 was published Aug 22, 2024
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users...
High | Unreviewed | CVE-2024-42776 was published Aug 22, 2024
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the...
High | Unreviewed | CVE-2024-31759 was published Apr 17, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole...
High | Unreviewed | CVE-2024-36443 was published Aug 22, 2024
Improper access control in Decentralized Identity Services allows an unauthenticated attacker to...
High | Unreviewed | CVE-2024-43477 was published Aug 23, 2024
Mattermost allows unsolicited invites to expose access to local channels
High | CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12...
High | Unreviewed | CVE-2023-47422 was published Feb 21, 2024
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1...
High | Unreviewed | CVE-2023-44031 was published Feb 3, 2024
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to...
High | Unreviewed | CVE-2023-38946 was published Mar 6, 2024
A directory listing vulnerability in Customer Support System v1 allows attackers to list...
High | Unreviewed | CVE-2023-49545 was published Mar 2, 2024
An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and...
High | Unreviewed | CVE-2024-36068 was published Aug 27, 2024
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order...
High | Unreviewed | CVE-2023-36644 was published Apr 4, 2024
ProTip! Advisories are also available from the GraphQL API.