GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,679 advisories
Filter by severity
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user...
Moderate
Unreviewed
CVE-2023-47716
was published
Mar 1, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an...
High
Unreviewed
CVE-2023-47142
was published
Feb 2, 2024
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical
Unreviewed
CVE-2024-46918
was published
Sep 16, 2024
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate...
Moderate
Unreviewed
CVE-2024-47160
was published
Sep 19, 2024
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore...
Moderate
Unreviewed
CVE-2024-47159
was published
Sep 19, 2024
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical
Unreviewed
CVE-2023-43119
was published
Oct 16, 2023
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to...
High
Unreviewed
CVE-2024-8601
was published
Sep 9, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2024-5816
was published
Jul 17, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2024-5817
was published
Jul 17, 2024
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42...
High
Unreviewed
CVE-2022-1401
was published
Aug 18, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x...
Critical
Unreviewed
CVE-2022-30311
was published
Jun 14, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password...
Critical
Unreviewed
CVE-2021-3833
was published
May 24, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
Critical
Unreviewed
CVE-2022-30309
was published
Jun 14, 2022
A vulnerability was found in subscription-manager that allows local privilege escalation due to...
High
Unreviewed
CVE-2023-3899
was published
Aug 23, 2023
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5...
Moderate
Unreviewed
CVE-2024-2743
was published
Sep 12, 2024
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a...
Moderate
Unreviewed
CVE-2024-8691
was published
Sep 11, 2024
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within...
Low
Unreviewed
CVE-2024-8011
was published
Aug 25, 2024
An access control vulnerability was discovered in the Reports section due to a specific access...
Moderate
Unreviewed
CVE-2024-4465
was published
Sep 11, 2024
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization...
Moderate
Unreviewed
CVE-2024-42423
was published
Sep 10, 2024
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to...
Low
Unreviewed
CVE-2024-44114
was published
Sep 10, 2024
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers...
Moderate
Unreviewed
CVE-2024-34642
was published
Sep 4, 2024
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate
Unreviewed
CVE-2024-34652
was published
Sep 4, 2024
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate
Unreviewed
CVE-2024-34651
was published
Sep 4, 2024
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local...
Moderate
Unreviewed
CVE-2024-34650
was published
Sep 4, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical
Unreviewed
CVE-2024-45509
was published
Sep 2, 2024
ProTip!
Advisories are also available from the
GraphQL API