GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Low
CVE-2014-0228
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Tauri Filesystem Scope can be Partially Bypassed
Low
CVE-2022-41874
was published
for
Tauri
(Rust)
Nov 8, 2022
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Admidio Improper Access Control vulnerability
Low
CVE-2023-3303
was published
for
admidio/admidio
(Composer)
Jun 23, 2023
Froxlor vulnerable to business logic errors
Low
CVE-2023-4304
was published
for
froxlor/froxlor
(Composer)
Aug 11, 2023
Broken access control in Silverpeas
Low
CVE-2023-47320
was published
for
org.silverpeas.core:silverpeas-core-war
(Maven)
Dec 13, 2023
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
CVE-2024-30261
was published
for
undici
(npm)
Apr 4, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration
Low
CVE-2024-32969
was published
for
vantage6
(pip)
May 22, 2024
Mattermost fails to check the required permissions
Low
CVE-2024-24776
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Mattermost Server Improper Access Control
Low
CVE-2024-21848
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost allows demoted guests to change group names
Low
CVE-2023-50333
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 2, 2024
Mattermost fails to properly restrict the access of files attached to posts
Low
CVE-2024-23488
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost failed to properly validate synced reactions
Low
CVE-2024-29977
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost did not properly restrict channel creation
Low
CVE-2024-39837
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
Low
CVE-2024-40884
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low
CVE-2024-41926
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Low
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Magento Open Source Improper Access Control vulnerability
Low
CVE-2024-45149
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
ProTip!
Advisories are also available from the
GraphQL API