GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
941 advisories
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP...
Moderate | Unreviewed | CVE-2024-0104 was published Aug 8, 2024
An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara...
Moderate | Unreviewed | CVE-2024-41245 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara...
Moderate | Unreviewed | CVE-2024-41244 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara...
Moderate | Unreviewed | CVE-2024-41246 was published Aug 7, 2024
A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u...
Moderate | Unreviewed | CVE-2024-7154 was published Jul 28, 2024
Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows...
Moderate | Unreviewed | CVE-2024-21302 was published Aug 8, 2024
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php...
Moderate | Unreviewed | CVE-2024-41252 was published Aug 7, 2024
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate | CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate | CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate | CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate | CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Magento Open Source Improper Access Control vulnerability
Moderate | CVE-2024-34107 was published for magento/community-edition (Composer) Jun 13, 2024
Directus incorrectly handles `_in` filter
Moderate | CVE-2024-39701 was published for directus (npm) Jul 8, 2024
Mattermost Server Improper Access Control
Moderate | CVE-2024-29221 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost post fetching without auditing in compliance export
Moderate | CVE-2024-1887 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost allows attackers access to posts in channels they are not a member of
Moderate | CVE-2024-1942 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to check the "invite_guest" permission
Moderate | CVE-2024-1888 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost viewing archived public channels permissions vulnerability
Moderate | CVE-2023-47858 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Mattermost fails to authenticate the source of certain types of post actions
Moderate | CVE-2024-2447 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak...
Moderate | Unreviewed | CVE-2024-25811 was published Mar 21, 2024
ZenML Server Remote Privilege Escalation Vulnerability
Moderate | CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
Moderate | CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through...
Moderate | Unreviewed | CVE-2024-37386 was published Jul 15, 2024
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card...
Moderate | Unreviewed | CVE-2019-20473 was published May 24, 2022
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). ...
Moderate | Unreviewed | CVE-2024-21169 was published Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API.