Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,245 advisories

Loading
Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field... High Unreviewed
CVE-2024-21271 was published Oct 15, 2024
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost... High Unreviewed
CVE-2024-21267 was published Oct 15, 2024
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site... High Unreviewed
CVE-2024-21265 was published Oct 15, 2024
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2024-21259 was published Oct 15, 2024
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component:... Moderate Unreviewed
CVE-2024-21249 was published Oct 15, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2024-21260 was published Oct 15, 2024
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). ... Moderate Unreviewed
CVE-2024-21262 was published Oct 15, 2024
OpenCanary Executes Commands From Potentially Writable Config File Moderate
CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024
0x0L0RD DavidBakerEffendi
AndreiDreyer
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information... High Unreviewed
CVE-2024-48792 was published Oct 14, 2024
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker... Critical Unreviewed
CVE-2024-48784 was published Oct 11, 2024
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote... Critical Unreviewed
CVE-2024-48778 was published Oct 11, 2024
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker... Critical Unreviewed
CVE-2024-48786 was published Oct 11, 2024
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain... Critical Unreviewed
CVE-2024-48787 was published Oct 11, 2024
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive... Critical Unreviewed
CVE-2024-48772 was published Oct 11, 2024
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain... Critical Unreviewed
CVE-2024-48769 was published Oct 11, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9... High Unreviewed
CVE-2024-8970 was published Oct 11, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9... Moderate Unreviewed
CVE-2024-9623 was published Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-45125 was published for magento/community-edition (Composer) Oct 10, 2024
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers... Critical Unreviewed
CVE-2024-45160 was published Oct 9, 2024
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader jpmschuler
Information disclosure while sending implicit broadcast containing APP launch information. Moderate Unreviewed
CVE-2024-38425 was published Oct 7, 2024
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database