GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Azure CycleCloud Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-43602
was published
Nov 12, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Critical
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
Critical
Unreviewed
CVE-2024-36130
was published
Aug 7, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
•
withdrawn
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter...
Critical
Unreviewed
CVE-2024-34257
was published
May 8, 2024
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
Critical
Unreviewed
CVE-2024-33749
was published
May 6, 2024
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members...
Critical
Unreviewed
CVE-2024-1741
was published
Apr 10, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
EisBaer Scada - CWE-285: Improper Authorization
Critical
Unreviewed
CVE-2023-42491
was published
Oct 25, 2023
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS...
Critical
Unreviewed
CVE-2023-20186
was published
Sep 27, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39402
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39401
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39398
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39400
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39399
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39403
was published
Aug 13, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests
Critical
CVE-2023-33189
was published
for
github.com/pomerium/pomerium
(Go)
May 26, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30467
was published
Apr 28, 2023
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication...
Critical
Unreviewed
CVE-2022-3748
was published
Apr 14, 2023
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper...
Critical
Unreviewed
CVE-2023-1256
was published
Mar 16, 2023
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact...
Critical
Unreviewed
CVE-2022-27583
was published
Nov 1, 2022
Field-level access-control bypass for multiselect field
Critical
CVE-2022-39322
was published
for
@keystone-6/core
(npm)
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API