GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
2,265 advisories
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser...
Moderate | Unreviewed | CVE-2023-25632 was published Nov 27, 2023
Bonitasoft Runtime Community edition contains an insecure direct object references vulnerability
Moderate | CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android....
Moderate | Unreviewed | CVE-2023-36620 was published Nov 3, 2023
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a...
Critical | Unreviewed | CVE-2023-46501 was published Nov 7, 2023
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or...
High | Unreviewed | CVE-2024-45170 was published Sep 4, 2024
Borg Improper Access Control vulnerability
High | CVE-2017-15914 was published for borgbackup (pip) May 13, 2022
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low | CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical | Unreviewed | CVE-2024-45509 was published Sep 2, 2024
Permission control vulnerability in the call module. Successful exploitation of this...
High | Unreviewed | CVE-2023-46759 was published Nov 8, 2023
Vulnerability of input parameters being not strictly verified in the input. Successful...
Moderate | Unreviewed | CVE-2023-46755 was published Nov 8, 2023
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow...
High | Unreviewed | CVE-2023-49233 was published Sep 3, 2024
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device...
Critical | Unreviewed | CVE-2022-46025 was published Jan 10, 2024
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in...
High | Unreviewed | CVE-2024-41518 was published Aug 2, 2024
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via...
High | Unreviewed | CVE-2023-47034 was published Jan 19, 2024
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in...
Moderate | Unreviewed | CVE-2023-41570 was published Nov 15, 2023
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting...
Critical | Unreviewed | CVE-2024-45522 was published Sep 2, 2024
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows...
Moderate | Unreviewed | CVE-2023-43901 was published Nov 14, 2023
EverShop at risk to unauthorized access via weak HMAC secret
High | CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows...
High | Unreviewed | CVE-2023-51070 was published Jan 13, 2024
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
High | Unreviewed | CVE-2024-20932 was published Jan 17, 2024
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
High | Unreviewed | CVE-2024-20952 was published Jan 17, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11...
Low | Unreviewed | CVE-2024-4011 was published Jun 27, 2024
An improper access control vulnerability exists in GitLab Remote Development affecting all...
Moderate | Unreviewed | CVE-2023-6955 was published Jan 12, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate | CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 ...
High | Unreviewed | CVE-2022-23829 was published Jun 18, 2024