Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

941 advisories

Loading
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic... Moderate Unreviewed
CVE-2024-9003 was published Sep 19, 2024
Directus vulnerable to SSRF Loopback IP filter bypass Moderate
CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024
r3dpower
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
adi1
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15... Moderate Unreviewed
CVE-2024-40825 was published Sep 17, 2024
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music... Moderate Unreviewed
CVE-2024-42795 was published Sep 16, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in... Moderate Unreviewed
CVE-2024-42796 was published Sep 16, 2024
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax... Moderate Unreviewed
CVE-2024-42794 was published Sep 16, 2024
Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user... Moderate Unreviewed
CVE-2024-36247 was published Sep 16, 2024
Improper access control in Intel(R) RAID Web Console software for all versions may allow an... Moderate Unreviewed
CVE-2024-34543 was published Sep 16, 2024
Improper access control in Intel(R) RAID Web Console software for all versions may allow an... Moderate Unreviewed
CVE-2024-32940 was published Sep 16, 2024
Lunary improper access control vulnerability Moderate
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2024-20343 was published Sep 11, 2024
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6... Moderate Unreviewed
CVE-2024-45323 was published Sep 10, 2024
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All... Moderate Unreviewed
CVE-2024-37993 was published Sep 10, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control... Moderate Unreviewed
CVE-2024-39580 was published Sep 10, 2024
A vulnerability has been identified in Node.js version 20, affecting users of the experimental... Moderate Unreviewed
CVE-2023-30582 was published Sep 7, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an... Moderate Unreviewed
CVE-2024-44915 was published Aug 28, 2024
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an... Moderate Unreviewed
CVE-2024-44913 was published Aug 28, 2024
An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an... Moderate Unreviewed
CVE-2024-44914 was published Aug 28, 2024
A vulnerability in the restricted security domain implementation of Cisco Application Policy... Moderate Unreviewed
CVE-2024-20279 was published Aug 28, 2024
A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode... Moderate Unreviewed
CVE-2024-8216 was published Aug 27, 2024
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a... Moderate Unreviewed
CVE-2024-5814 was published Aug 27, 2024
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via ... Moderate Unreviewed
CVE-2024-42766 was published Aug 23, 2024
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams Moderate
CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
ProTip! Advisories are also available from the GraphQL API