GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Magento Open Source Improper Access Control vulnerability
Low
CVE-2024-45149
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Mattermost fails to properly restrict the access of files attached to posts
Low
CVE-2024-23488
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost allows demoted guests to change group names
Low
CVE-2023-50333
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 2, 2024
Mattermost Server Improper Access Control
Low
CVE-2024-21848
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost fails to check the required permissions
Low
CVE-2024-24776
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration
Low
CVE-2024-32969
was published
for
vantage6
(pip)
May 22, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
CVE-2024-30261
was published
for
undici
(npm)
Apr 4, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Broken access control in Silverpeas
Low
CVE-2023-47320
was published
for
org.silverpeas.core:silverpeas-core-war
(Maven)
Dec 13, 2023
Froxlor vulnerable to business logic errors
Low
CVE-2023-4304
was published
for
froxlor/froxlor
(Composer)
Aug 11, 2023
Admidio Improper Access Control vulnerability
Low
CVE-2023-3303
was published
for
admidio/admidio
(Composer)
Jun 23, 2023
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Tauri Filesystem Scope can be Partially Bypassed
Low
CVE-2022-41874
was published
for
Tauri
(Rust)
Nov 8, 2022
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Low
CVE-2014-0228
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
ProTip!
Advisories are also available from the
GraphQL API