GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
965 advisories
Argo CD's API server does not enforce project sourceNamespaces
Moderate | CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) | Apr 15, 2024

Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate | CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) | Apr 12, 2024

Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate | CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) | Apr 2, 2024

ZITADEL's actions can overload reserved claims
Moderate | CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) | Mar 28, 2024

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could...
Moderate | Unreviewed | CVE-2024-31134 was published | Mar 28, 2024

Elasticsearch Incorrect Authorization vulnerability
Moderate | CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) | Mar 27, 2024

Improper authorization in the report management and creation module of BMC Control-M branches 9.0...
Moderate | Unreviewed | CVE-2024-1604 was published | Mar 18, 2024

vantage6's CORS settings overly permissive
Moderate | CVE-2024-23823 was published for vantage6 (pip) | Mar 15, 2024

Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate | CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) | Mar 12, 2024

A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The...
Moderate | Unreviewed | CVE-2023-45793 was published | Mar 12, 2024

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only...
Moderate | Unreviewed | CVE-2024-22133 was published | Mar 12, 2024

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore...
Moderate | Unreviewed | CVE-2024-28229 was published | Mar 7, 2024

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16...
Moderate | Unreviewed | CVE-2024-1299 was published | Mar 7, 2024

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage...
Moderate | Unreviewed | CVE-2024-28174 was published | Mar 6, 2024

1Panel open source panel project has an unauthorized vulnerability.
Moderate | CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) | Mar 6, 2024

Sulu grants access to pages regardless of role permissions
Moderate | CVE-2024-27915 was published for sulu/sulu (Composer) | Mar 4, 2024

IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user...
Moderate | Unreviewed | CVE-2023-47716 was published | Mar 1, 2024

Apache Superset: Improper authorization validation on dashboards and charts import
Moderate | CVE-2024-26016 was published for apache-superset (pip) | Feb 28, 2024

Apache Superset: Improper data authorization when creating a new dataset
Moderate | CVE-2024-24779 was published for apache-superset (pip) | Feb 28, 2024

Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate | CVE-2024-24773 was published for apache-superset (pip) | Feb 28, 2024

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3...
Moderate | Unreviewed | CVE-2024-25604 was published | Feb 20, 2024

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before...
Moderate | Unreviewed | CVE-2024-25149 was published | Feb 20, 2024

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role...
Moderate | Unreviewed | CVE-2024-24966 was published | Feb 14, 2024

Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate | CVE-2023-6152 was published for github.com/grafana/grafana (Go) | Feb 13, 2024

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up...
Moderate | Unreviewed | CVE-2023-6963 was published | Feb 6, 2024