Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,051 advisories

Loading
A vulnerability exists in the web-authentication component of the SDM600. If exploited an... High Unreviewed
CVE-2024-2378 was published Apr 30, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16... Moderate Unreviewed
CVE-2024-4006 was published Apr 25, 2024
Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data... Moderate Unreviewed
CVE-2023-25043 was published Apr 17, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service Low
CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024
localden bgavrilMS
gladjohn pmaytak jmprieur christothes ntc-swiss-team
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically... Critical Unreviewed
CVE-2024-1738 was published Apr 16, 2024
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev pasha-codefresh
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Moderate
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-1625 was published Apr 10, 2024
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an... Critical Unreviewed
CVE-2024-1740 was published Apr 10, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
ZITADEL's actions can overload reserved claims Moderate
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn fforootd
adlerhurst livio-a
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could... Moderate Unreviewed
CVE-2024-31134 was published Mar 28, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows... High Unreviewed
CVE-2023-6400 was published Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Improper authorization in the report management and creation module of BMC Control-M branches 9.0... Moderate Unreviewed
CVE-2024-1604 was published Mar 18, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed
CVE-2024-25652 was published Mar 14, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The... Moderate Unreviewed
CVE-2023-45793 was published Mar 12, 2024
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only... Moderate Unreviewed
CVE-2024-22133 was published Mar 12, 2024
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore... Moderate Unreviewed
CVE-2024-28229 was published Mar 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database