GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,458

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

280 advisories

Filter by severity

Sort by

Least recently updated

Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox... Critical Unreviewed

CVE-2023-29121 was published Nov 5, 2024

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability... Critical Unreviewed

CVE-2024-7474 was published Oct 29, 2024

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to... Critical Unreviewed

CVE-2024-7475 was published Oct 29, 2024

TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a... Critical Unreviewed

CVE-2023-26770 was published Oct 4, 2024

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed

CVE-2024-45519 was published Oct 3, 2024

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4... Critical Unreviewed

CVE-2024-42514 was published Oct 1, 2024

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands... Critical Unreviewed

CVE-2024-46627 was published Sep 26, 2024

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in... Critical Unreviewed

CVE-2024-42797 was published Sep 25, 2024

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run... Critical Unreviewed

CVE-2024-45489 was published Sep 20, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed

CVE-2024-46937 was published Sep 16, 2024

Azure Stack Hub Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2024-38220 was published Sep 10, 2024

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,... Critical Unreviewed

CVE-2024-8584 was published Sep 9, 2024

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting... Critical Unreviewed

CVE-2024-45522 was published Sep 2, 2024

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed

CVE-2024-45509 was published Sep 2, 2024

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an... Critical Unreviewed

CVE-2024-7954 was published Aug 23, 2024

An improper access control vulnerability has been identified in the SonicWall SonicOS management... Critical Unreviewed

CVE-2024-40766 was published Aug 23, 2024

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in... Critical Unreviewed

CVE-2024-42775 was published Aug 22, 2024

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra... Critical Unreviewed

CVE-2024-38175 was published Aug 20, 2024

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via... Critical Unreviewed

CVE-2024-42919 was published Aug 20, 2024

An issue in the login component (process_login.php) of Hotel Management System commit 79d688... Critical Unreviewed

CVE-2024-42559 was published Aug 20, 2024

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed

CVE-2024-42966 was published Aug 15, 2024

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the... Critical Unreviewed

CVE-2024-42967 was published Aug 15, 2024

Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network... Critical Unreviewed

CVE-2024-24986 was published Aug 14, 2024

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in... Critical Unreviewed

CVE-2024-40480 was published Aug 12, 2024

An improper access control vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed

CVE-2024-3279 was published Aug 12, 2024

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

280 advisories