GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

941 advisories

Zoom for MacOS clients prior to 5.14.0 contain an improper access control vulnerability. A...
Moderate, Unreviewed. CVE-2023-28600 was published Jun 13, 2023

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic...
Moderate, Unreviewed. CVE-2024-9003 was published Sep 19, 2024

Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate. CVE-2024-45811 was published for vite (npm) Sep 17, 2024

Directus vulnerable to SSRF Loopback IP filter bypass
Moderate. CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax...
Moderate, Unreviewed. CVE-2024-42794 was published Sep 16, 2024

An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music...
Moderate, Unreviewed. CVE-2024-42795 was published Sep 16, 2024

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in...
Moderate, Unreviewed. CVE-2024-42796 was published Sep 16, 2024

Django Access Restrictions Bypass
Moderate. CVE-2016-2048 was published for django (pip) May 17, 2022

The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15...
Moderate, Unreviewed. CVE-2024-40825 was published Sep 17, 2024

Ghost's improper authentication allows access to member information and actions
Moderate. CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024

Umbraco CMS Improper Access Control vulnerability
Moderate. CVE-2024-43377 was published for Umbraco.Cms (NuGet) Aug 20, 2024

Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated...
Moderate, Unreviewed. CVE-2022-24036 was published Nov 16, 2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal...
Moderate, Unreviewed. CVE-2023-21860 was published Jan 18, 2023

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications...
Moderate, Unreviewed. CVE-2023-21922 was published Apr 18, 2023

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial...
Moderate, Unreviewed. CVE-2023-21905 was published Apr 18, 2023

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user...
Moderate, Unreviewed. CVE-2024-36247 was published Sep 16, 2024

Improper access control in Intel(R) RAID Web Console software for all versions may allow an...
Moderate, Unreviewed. CVE-2024-32940 was published Sep 16, 2024

Improper access control in Intel(R) RAID Web Console software for all versions may allow an...
Moderate, Unreviewed. CVE-2024-34543 was published Sep 16, 2024

Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are...
Moderate, Unreviewed. CVE-2023-21969 was published Apr 18, 2023

Lunary improper access control vulnerability
Moderate. CVE-2024-6087 was published for lunary (npm) Sep 13, 2024

The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel...
Moderate, Unreviewed. CVE-2023-39731 was published Oct 20, 2023

** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150...
Moderate, Unreviewed. CVE-2023-46033 was published Oct 19, 2023

Improper Access Control in Apache Airflow
Moderate. CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021

The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10...
Moderate, Unreviewed. CVE-2023-40708 was published Aug 24, 2023

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker...
Moderate, Unreviewed. CVE-2024-20343 was published Sep 11, 2024

Advisories are also available from the GraphQL API.