Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Loading
An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to... High Unreviewed
CVE-2024-0199 was published Mar 7, 2024
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate... High Unreviewed
CVE-2023-43318 was published Mar 6, 2024
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and... High Unreviewed
CVE-2023-38945 was published Mar 6, 2024
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to... High Unreviewed
CVE-2023-38946 was published Mar 6, 2024
If an attacked was given access to an instance with the admin or manager role there is no backend... High Unreviewed
CVE-2024-0795 was published Mar 3, 2024
A directory listing vulnerability in Customer Support System v1 allows attackers to list... High Unreviewed
CVE-2023-49545 was published Mar 2, 2024
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. High Unreviewed
CVE-2024-27497 was published Mar 1, 2024
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from... High Unreviewed
CVE-2024-1632 was published Feb 28, 2024
Enable exports of the database and associated exported information of the system via the default... High Unreviewed
CVE-2024-0551 was published Feb 27, 2024
code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control. High Unreviewed
CVE-2024-25251 was published Feb 22, 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to... High Unreviewed
CVE-2024-0410 was published Feb 22, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2023-42860 was published Feb 21, 2024
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS... High Unreviewed
CVE-2023-42838 was published Feb 21, 2024
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12... High Unreviewed
CVE-2023-47422 was published Feb 21, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100,... High Unreviewed
CVE-2023-6259 was published Feb 20, 2024
Vulnerability of improper access control in the media library module.Successful exploitation of... High Unreviewed
CVE-2023-52367 was published Feb 18, 2024
Permission management vulnerability in the lock screen module.Successful exploitation of this... High Unreviewed
CVE-2023-52362 was published Feb 18, 2024
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to... High Unreviewed
CVE-2024-0036 was published Feb 16, 2024
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access... High Unreviewed
CVE-2023-39244 was published Feb 15, 2024
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload... High Unreviewed
CVE-2024-24386 was published Feb 15, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
Graylog vulnerable to instantiation of arbitrary classes triggered by API request High
CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
Memory corruption in Automotive Multimedia due to improper access control in HAB. High Unreviewed
CVE-2023-43517 was published Feb 6, 2024
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1... High Unreviewed
CVE-2023-44031 was published Feb 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database