Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

965 advisories

Loading
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev pasha-codefresh
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Moderate
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
ZITADEL's actions can overload reserved claims Moderate
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn fforootd
adlerhurst livio-a
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could... Moderate Unreviewed
CVE-2024-31134 was published Mar 28, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Improper authorization in the report management and creation module of BMC Control-M branches 9.0... Moderate Unreviewed
CVE-2024-1604 was published Mar 18, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The... Moderate Unreviewed
CVE-2023-45793 was published Mar 12, 2024
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only... Moderate Unreviewed
CVE-2024-22133 was published Mar 12, 2024
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore... Moderate Unreviewed
CVE-2024-28229 was published Mar 7, 2024
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16... Moderate Unreviewed
CVE-2024-1299 was published Mar 7, 2024
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage... Moderate Unreviewed
CVE-2024-28174 was published Mar 6, 2024
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user... Moderate Unreviewed
CVE-2023-47716 was published Mar 1, 2024
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3... Moderate Unreviewed
CVE-2024-25604 was published Feb 20, 2024
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before... Moderate Unreviewed
CVE-2024-25149 was published Feb 20, 2024
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role... Moderate Unreviewed
CVE-2024-24966 was published Feb 14, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up... Moderate Unreviewed
CVE-2023-6963 was published Feb 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database