GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
2,269 advisories
An incorrect permission assignment vulnerability allows an attacker to modify product...
High | Unreviewed | CVE-2024-42022 was published Sep 7, 2024

fs.openAsBlob() can bypass the experimental permission model when using the file system read...
High | Unreviewed | CVE-2023-30583 was published Sep 7, 2024

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental...
High | Unreviewed | CVE-2023-30587 was published Sep 7, 2024

A vulnerability has been identified in Node.js version 20, affecting users of the experimental...
Moderate | Unreviewed | CVE-2023-30582 was published Sep 7, 2024

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or...
High | Unreviewed | CVE-2024-45170 was published Sep 4, 2024

Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow...
High | Unreviewed | CVE-2023-49233 was published Sep 3, 2024

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting...
Critical | Unreviewed | CVE-2024-45522 was published Sep 2, 2024

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical | Unreviewed | CVE-2024-45509 was published Sep 2, 2024

Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate | CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024

An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an...
Moderate | Unreviewed | CVE-2024-44913 was published Aug 28, 2024

An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an...
Moderate | Unreviewed | CVE-2024-44914 was published Aug 28, 2024

An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an...
Moderate | Unreviewed | CVE-2024-44915 was published Aug 28, 2024

A vulnerability in the restricted security domain implementation of Cisco Application Policy...
Moderate | Unreviewed | CVE-2024-20279 was published Aug 28, 2024

A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode...
Moderate | Unreviewed | CVE-2024-8216 was published Aug 27, 2024

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a...
Moderate | Unreviewed | CVE-2024-5814 was published Aug 27, 2024

An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and...
High | Unreviewed | CVE-2024-36068 was published Aug 27, 2024

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an...
Critical | Unreviewed | CVE-2024-7954 was published Aug 23, 2024

Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via ...
Moderate | Unreviewed | CVE-2024-42766 was published Aug 23, 2024

An improper access control vulnerability has been identified in the SonicWall SonicOS management...
Critical | Unreviewed | CVE-2024-40766 was published Aug 23, 2024

Improper access control in Decentralized Identity Services allows an unauthenticated attacker to...
High | Unreviewed | CVE-2024-43477 was published Aug 23, 2024

An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel...
High | Unreviewed | CVE-2024-42772 was published Aug 22, 2024

Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users...
High | Unreviewed | CVE-2024-42776 was published Aug 22, 2024

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in...
Critical | Unreviewed | CVE-2024-42775 was published Aug 22, 2024

Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams
Moderate | CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024

Mattermost allows guest user with read access to upload files to a channel
Moderate | CVE-2024-43780 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024

ProTip! Advisories are also available from the GraphQL API.