GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,911 advisories
Filter by severity
A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected...
Moderate
Unreviewed
CVE-2024-1823
was published
Feb 23, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6,...
Moderate
Unreviewed
CVE-2023-4895
was published
Feb 22, 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to...
High
Unreviewed
CVE-2024-0410
was published
Feb 22, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16...
Moderate
Unreviewed
CVE-2024-1525
was published
Feb 22, 2024
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions...
Low
Unreviewed
CVE-2023-3509
was published
Feb 22, 2024
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an...
Moderate
Unreviewed
CVE-2024-20325
was published
Feb 21, 2024
A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as...
Moderate
Unreviewed
CVE-2024-1701
was published
Feb 21, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100,...
High
Unreviewed
CVE-2023-6259
was published
Feb 20, 2024
Improper Access Control in moodle
Moderate
CVE-2024-25980
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Improper Access Control in moodle
Moderate
CVE-2024-25981
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10....
Moderate
Unreviewed
CVE-2024-1343
was published
Feb 19, 2024
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access...
High
Unreviewed
CVE-2023-39244
was published
Feb 15, 2024
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing...
Moderate
Unreviewed
CVE-2024-26263
was published
Feb 15, 2024
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-21376
was published
Feb 13, 2024
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-21401
was published
Feb 13, 2024
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-21364
was published
Feb 13, 2024
Skype for Business Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-20695
was published
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Moderate
CVE-2024-25120
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Moderate
CVE-2024-24751
was published
for
derhansen/sf_event_mgt
(Composer)
Feb 13, 2024
Moodle Improper Access Control vulnerability
Moderate
CVE-2024-1439
was published
for
moodle/moodle
(Composer)
Feb 12, 2024
Mattermost fails to check the required permissions
Low
CVE-2024-24776
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7...
Moderate
Unreviewed
CVE-2023-6840
was published
Feb 8, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
High
CVE-2024-24824
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
ProTip!
Advisories are also available from the
GraphQL API