GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,051 advisories
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while...
High | Unreviewed | CVE-2024-38868 was published Aug 30, 2024
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not...
Moderate | Unreviewed | CVE-2024-43954 was published Aug 29, 2024
Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect...
Low | Unreviewed | CVE-2024-43944 was published Aug 29, 2024
Kirby has insufficient permission checks in the language settings
High | CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
Moderate | CVE-2024-45037 was published for aws-cdk (npm) Aug 27, 2024
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within...
Low | Unreviewed | CVE-2024-8011 was published Aug 25, 2024
An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus,...
Moderate | Unreviewed | CVE-2024-38869 was published Aug 23, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High | CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to...
Moderate | Unreviewed | CVE-2024-7836 was published Aug 22, 2024
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This...
Moderate | Unreviewed | CVE-2024-7604 was published Aug 21, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an...
Moderate | Unreviewed | CVE-2024-7711 was published Aug 20, 2024
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2024-6337 was published Aug 20, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
High | CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing...
High | Unreviewed | CVE-2024-43250 was published Aug 19, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate | CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist /...
High | Unreviewed | CVE-2024-43131 was published Aug 13, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application...
High | Unreviewed | CVE-2024-41939 was published Aug 13, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application...
Moderate | Unreviewed | CVE-2024-41941 was published Aug 13, 2024
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user...
High | Unreviewed | CVE-2024-7697 was published Aug 12, 2024
OpenFGA Authorization Bypass
High | CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy...
High | Unreviewed | CVE-2024-7265 was published Aug 7, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy...
High | Unreviewed | CVE-2024-7266 was published Aug 7, 2024
CloudStack account-users by default use username and password based authentication for API and UI...
High | Unreviewed | CVE-2024-42062 was published Aug 7, 2024
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
Moderate | Unreviewed | CVE-2024-6358 was published Aug 6, 2024
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability...
Critical | Unreviewed | CVE-2024-6202 was published Aug 6, 2024