Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,911 advisories

Loading
A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected... Moderate Unreviewed
CVE-2024-1823 was published Feb 23, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6,... Moderate Unreviewed
CVE-2023-4895 was published Feb 22, 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to... High Unreviewed
CVE-2024-0410 was published Feb 22, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16... Moderate Unreviewed
CVE-2024-1525 was published Feb 22, 2024
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions... Low Unreviewed
CVE-2023-3509 was published Feb 22, 2024
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an... Moderate Unreviewed
CVE-2024-20325 was published Feb 21, 2024
A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as... Moderate Unreviewed
CVE-2024-1701 was published Feb 21, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100,... High Unreviewed
CVE-2023-6259 was published Feb 20, 2024
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10.... Moderate Unreviewed
CVE-2024-1343 was published Feb 19, 2024
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access... High Unreviewed
CVE-2023-39244 was published Feb 15, 2024
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing... Moderate Unreviewed
CVE-2024-26263 was published Feb 15, 2024
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-21376 was published Feb 13, 2024
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21401 was published Feb 13, 2024
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21364 was published Feb 13, 2024
Skype for Business Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-20695 was published Feb 13, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Moodle Improper Access Control vulnerability Moderate
CVE-2024-1439 was published for moodle/moodle (Composer) Feb 12, 2024
Mattermost fails to check the required permissions Low
CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7... Moderate Unreviewed
CVE-2023-6840 was published Feb 8, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request High
CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
ProTip! Advisories are also available from the GraphQL API