Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

235 advisories

Loading
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run... Critical Unreviewed
CVE-2024-45489 was published Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed
CVE-2024-46937 was published Sep 16, 2024
Azure Stack Hub Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-38220 was published Sep 10, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,... Critical Unreviewed
CVE-2024-8584 was published Sep 9, 2024
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting... Critical Unreviewed
CVE-2024-45522 was published Sep 2, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed
CVE-2024-45509 was published Sep 2, 2024
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an... Critical Unreviewed
CVE-2024-7954 was published Aug 23, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management... Critical Unreviewed
CVE-2024-40766 was published Aug 23, 2024
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in... Critical Unreviewed
CVE-2024-42775 was published Aug 22, 2024
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra... Critical Unreviewed
CVE-2024-38175 was published Aug 20, 2024
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via... Critical Unreviewed
CVE-2024-42919 was published Aug 20, 2024
An issue in the login component (process_login.php) of Hotel Management System commit 79d688... Critical Unreviewed
CVE-2024-42559 was published Aug 20, 2024
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42967 was published Aug 15, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42966 was published Aug 15, 2024
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network... Critical Unreviewed
CVE-2024-24986 was published Aug 14, 2024
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in... Critical Unreviewed
CVE-2024-40480 was published Aug 12, 2024
An improper access control vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3279 was published Aug 12, 2024
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa... Critical Unreviewed
CVE-2024-41247 was published Aug 7, 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which... Critical Unreviewed
CVE-2024-7525 was published Aug 6, 2024
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. Critical Unreviewed
CVE-2024-28805 was published Jul 29, 2024
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows... Critical Unreviewed
CVE-2024-40117 was published Jul 26, 2024
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate... Critical Unreviewed
CVE-2024-36535 was published Jul 24, 2024
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and... Critical Unreviewed
CVE-2024-36540 was published Jul 24, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to... Critical Unreviewed
CVE-2024-38164 was published Jul 24, 2024
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed... Critical Unreviewed
CVE-2024-41703 was published Jul 22, 2024
ProTip! Advisories are also available from the GraphQL API