GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
267 advisories
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical | Unreviewed | CVE-2024-45489 was published Sep 20, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical | Unreviewed | CVE-2024-46937 was published Sep 16, 2024

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or...
Critical | Unreviewed | CVE-2023-5365 was published Oct 9, 2023

Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this...
Critical | Unreviewed | CVE-2023-44118 was published Oct 11, 2023

TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive...
Critical | Unreviewed | CVE-2024-39376 was published Jun 27, 2024

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical | Unreviewed | CVE-2023-43119 was published Oct 16, 2023

SaToken privilege escalation vulnerability
Critical | CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are...
Critical | Unreviewed | CVE-2023-41721 was published Oct 25, 2023

Azure Stack Hub Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-38220 was published Sep 10, 2024

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,...
Critical | Unreviewed | CVE-2024-8584 was published Sep 9, 2024

An improper access control vulnerability has been identified in the SonicWall SonicOS management...
Critical | Unreviewed | CVE-2024-40766 was published Aug 23, 2024

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via...
Critical | Unreviewed | CVE-2024-42919 was published Aug 20, 2024

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the...
Critical | Unreviewed | CVE-2024-42967 was published Aug 15, 2024

An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a...
Critical | Unreviewed | CVE-2023-46501 was published Nov 7, 2023

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical | Unreviewed | CVE-2024-45509 was published Sep 2, 2024

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device...
Critical | Unreviewed | CVE-2022-46025 was published Jan 10, 2024

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting...
Critical | Unreviewed | CVE-2024-45522 was published Sep 2, 2024

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in...
Critical | Unreviewed | CVE-2021-47155 was published Mar 18, 2024

Incorrect access control in Book Store Management System v1 allows attackers to access...
Critical | Unreviewed | CVE-2023-49543 was published Mar 2, 2024

An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows...
Critical | Unreviewed | CVE-2023-51786 was published Mar 7, 2024

Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has...
Critical | Unreviewed | CVE-2022-47036 was published Mar 18, 2024

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without...
Critical | Unreviewed | CVE-2024-31815 was published Apr 8, 2024

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an...
Critical | Unreviewed | CVE-2024-7954 was published Aug 23, 2024

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a...
Critical | Unreviewed | CVE-2024-28390 was published Mar 14, 2024

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed...
Critical | Unreviewed | CVE-2024-41703 was published Jul 22, 2024
ProTip! Advisories are also available from the GraphQL API.