Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,041 advisories

Loading
An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus,... Moderate Unreviewed
CVE-2024-38869 was published Aug 23, 2024
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while... High Unreviewed
CVE-2024-38868 was published Aug 30, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024
This vulnerability exists due to improper access controls on APIs in the Authentication module of... High Unreviewed
CVE-2024-45586 was published Sep 3, 2024
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to... High Unreviewed
CVE-2024-45587 was published Sep 3, 2024
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to... High Unreviewed
CVE-2024-45588 was published Sep 3, 2024
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have... High Unreviewed
CVE-2024-31970 was published Jul 24, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed
CVE-2024-45509 was published Sep 2, 2024
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to... Moderate Unreviewed
CVE-2024-34651 was published Sep 4, 2024
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-34650 was published Sep 4, 2024
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to... Moderate Unreviewed
CVE-2024-34652 was published Sep 4, 2024
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers... Moderate Unreviewed
CVE-2024-34642 was published Sep 4, 2024
Incorrect Authorization in calibreweb Moderate
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to... Low Unreviewed
CVE-2024-44114 was published Sep 10, 2024
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization... Moderate Unreviewed
CVE-2024-42423 was published Sep 10, 2024
An access control vulnerability was discovered in the Reports section due to a specific access... Moderate Unreviewed
CVE-2024-4465 was published Sep 11, 2024
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within... Low Unreviewed
CVE-2024-8011 was published Aug 25, 2024
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a... Moderate Unreviewed
CVE-2024-8691 was published Sep 11, 2024
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5... Moderate Unreviewed
CVE-2024-2743 was published Sep 12, 2024
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
ProTip! Advisories are also available from the GraphQL API