GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
272 advisories
Filter by severity
SAP PowerDesigner - version 16.7, has improper access control which might allow an...
Critical
Unreviewed
CVE-2023-37483
was published
Aug 8, 2023
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2024-46627
was published
Sep 26, 2024
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9...
Critical
Unreviewed
CVE-2023-37759
was published
Sep 8, 2023
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in...
Critical
Unreviewed
CVE-2023-40039
was published
Sep 11, 2023
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in...
Critical
Unreviewed
CVE-2024-42797
was published
Sep 25, 2024
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access...
Critical
Unreviewed
CVE-2023-43141
was published
Sep 25, 2023
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical
Unreviewed
CVE-2024-45489
was published
Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical
Unreviewed
CVE-2024-46937
was published
Sep 16, 2024
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or...
Critical
Unreviewed
CVE-2023-5365
was published
Oct 9, 2023
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this...
Critical
Unreviewed
CVE-2023-44118
was published
Oct 11, 2023
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive...
Critical
Unreviewed
CVE-2024-39376
was published
Jun 27, 2024
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical
Unreviewed
CVE-2023-43119
was published
Oct 16, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are...
Critical
Unreviewed
CVE-2023-41721
was published
Oct 25, 2023
Azure Stack Hub Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-38220
was published
Sep 10, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,...
Critical
Unreviewed
CVE-2024-8584
was published
Sep 9, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management...
Critical
Unreviewed
CVE-2024-40766
was published
Aug 23, 2024
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via...
Critical
Unreviewed
CVE-2024-42919
was published
Aug 20, 2024
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42967
was published
Aug 15, 2024
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a...
Critical
Unreviewed
CVE-2023-46501
was published
Nov 7, 2023
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical
Unreviewed
CVE-2024-45509
was published
Sep 2, 2024
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device...
Critical
Unreviewed
CVE-2022-46025
was published
Jan 10, 2024
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting...
Critical
Unreviewed
CVE-2024-45522
was published
Sep 2, 2024
ProTip!
Advisories are also available from the
GraphQL API