Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,328 advisories

Loading
Mattermost allows guest user with read access to upload files to a channel Moderate
CVE-2024-43780 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in... Critical Unreviewed
CVE-2024-42775 was published Aug 22, 2024
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users... High Unreviewed
CVE-2024-42776 was published Aug 22, 2024
Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP... Moderate Unreviewed
CVE-2024-36441 was published Aug 22, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6... Moderate Unreviewed
CVE-2024-3127 was published Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Low
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole... High Unreviewed
CVE-2024-36443 was published Aug 22, 2024
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which... Moderate Unreviewed
CVE-2024-43813 was published Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra... Critical Unreviewed
CVE-2024-38175 was published Aug 20, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Umbraco CMS Improper Access Control vulnerability Moderate
CVE-2024-43377 was published for Umbraco.Cms (NuGet) Aug 20, 2024
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via... Critical Unreviewed
CVE-2024-42919 was published Aug 20, 2024
Improper Access Controls allows backend users to overwrite their username when disallowed. High Unreviewed
CVE-2024-27187 was published Aug 20, 2024
An issue in the login component (process_login.php) of Hotel Management System commit 79d688... Critical Unreviewed
CVE-2024-42559 was published Aug 20, 2024
Hargal - CWE-284: Improper Access Control High Unreviewed
CVE-2024-42334 was published Aug 20, 2024
A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016... Moderate Unreviewed
CVE-2024-7921 was published Aug 19, 2024
A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent... Moderate Unreviewed
CVE-2024-7919 was published Aug 19, 2024
A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent... Moderate Unreviewed
CVE-2024-7920 was published Aug 19, 2024
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
icarocd
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42967 was published Aug 15, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42966 was published Aug 15, 2024
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31... Moderate Unreviewed
CVE-2024-28050 was published Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database