GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
541 advisories
Filter by severity
OpenSearch Observability does not properly restrict access to private tenant resources
Low
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-30061
was published
Jul 9, 2024
In SAP Commerce, a user can misuse the forgotten
password functionality to gain access to a...
High
Unreviewed
CVE-2024-39597
was published
Jul 9, 2024
A command for refining a collection shard key is missing an authorization check. This may cause...
Moderate
Unreviewed
CVE-2024-6375
was published
Jul 1, 2024
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do...
Moderate
Unreviewed
CVE-2023-35022
was published
Jun 30, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11...
Moderate
Unreviewed
CVE-2024-3959
was published
Jun 27, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0...
High
Unreviewed
CVE-2024-38329
was published
Jun 19, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-34104
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Low
CVE-2024-5798
was published
for
github.com/hashicorp/vault
(Go)
Jun 12, 2024
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an...
High
Unreviewed
CVE-2024-25949
was published
Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
•
withdrawn
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-772m-43f3-hmf8
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Evmos allows unvested token delegations
Moderate
CVE-2024-37154
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
Information Disclosure in TYPO3 Backend
Moderate
GHSA-vpr3-rc99-2wpr
was published
for
typo3/cms
(Composer)
Jun 5, 2024
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main'...
High
Unreviewed
CVE-2024-4254
was published
Jun 4, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23667
was published
Jun 3, 2024
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below,...
Moderate
Unreviewed
CVE-2024-23665
was published
Jun 3, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23670
was published
Jun 3, 2024
FOSUserBundle User Identity Validation Vulnerability
Moderate
GHSA-8wx3-8m4x-g5h4
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
Certain MQTT wildcards are not blocked on the
CyberPower PowerPanel
system, which might result...
Moderate
Unreviewed
CVE-2024-31409
was published
May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users
High
GHSA-p9mp-vq4v-v5m5
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-4819
was published
May 14, 2024
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service,...
High
Unreviewed
CVE-2024-23576
was published
May 14, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter...
Critical
Unreviewed
CVE-2024-34257
was published
May 8, 2024
ProTip!
Advisories are also available from the
GraphQL API