Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

93 advisories

Loading
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API Low
CVE-2024-48925 was published for Umbraco.CMS (NuGet) Oct 22, 2024
thanhlam-attt
Magento Open Source Improper Access Control vulnerability Low
CVE-2024-45149 was published for magento/community-edition (Composer) Oct 10, 2024
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... Low Unreviewed
CVE-2023-27303 was published Oct 10, 2024
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... Low Unreviewed
CVE-2023-26596 was published Oct 10, 2024
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4... Low Unreviewed
CVE-2023-4700 was published Nov 6, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4... Low Unreviewed
CVE-2023-3511 was published Dec 15, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3... Low Unreviewed
CVE-2023-4658 was published Dec 1, 2023
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3,... Low Unreviewed
CVE-2023-3443 was published Dec 1, 2023
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions... Low Unreviewed
CVE-2023-3509 was published Feb 22, 2024
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when... Low Unreviewed
CVE-2024-47145 was published Sep 26, 2024
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an... Low Unreviewed
CVE-2023-28372 was published Oct 3, 2023
Improper access control in Intel(R) RAID Web Console software all versions may allow an... Low Unreviewed
CVE-2024-36261 was published Sep 16, 2024
Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user... Low Unreviewed
CVE-2024-28170 was published Sep 16, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11... Low Unreviewed
CVE-2024-4011 was published Jun 27, 2024
Mattermost fails to properly restrict the access of files attached to posts Low
CVE-2024-23488 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost allows demoted guests to change group names Low
CVE-2023-50333 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 2, 2024
Mattermost Server Improper Access Control Low
CVE-2024-21848 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost fails to check the required permissions Low
CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11... Low Unreviewed
CVE-2024-2880 was published Jul 11, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4... Low Unreviewed
CVE-2024-5470 was published Jul 11, 2024
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent... Low Unreviewed
CVE-2024-39361 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote... Low Unreviewed
CVE-2024-36257 was published Jul 3, 2024
An Improper Access Control could allow a malicious actor authenticated in the API to enable... Low Unreviewed
CVE-2024-29206 was published May 7, 2024
HCL Connections contains a broken access control vulnerability that may expose sensitive... Low Unreviewed
CVE-2024-30107 was published Apr 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database