GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
176 advisories
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical | Unreviewed | CVE-2024-5655 was published Jun 27, 2024

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical | Unreviewed | CVE-2024-5128 was published Jun 6, 2024

Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t...
Critical | Unreviewed | CVE-2024-5168 was published May 23, 2024

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated...
Critical | Unreviewed | CVE-2024-3777 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
Critical | Unreviewed | CVE-2024-29836 was published Apr 15, 2024

A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL,...
Critical | Unreviewed | CVE-2024-3765 was published Apr 15, 2024

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-29990 was published Apr 9, 2024

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical | Unreviewed | CVE-2023-1083 was published Apr 9, 2024

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The...
Critical | Unreviewed | CVE-2022-32257 was published Mar 12, 2024

A remote attacker may be able to bypass access control of Commend WS203VICM by creating a...
Critical | Unreviewed | CVE-2024-21767 was published Mar 1, 2024

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-21376 was published Feb 13, 2024

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21401 was published Feb 13, 2024

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21364 was published Feb 13, 2024

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This...
Critical | Unreviewed | CVE-2024-0642 was published Jan 17, 2024

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical | Unreviewed | CVE-2023-7028 was published Jan 12, 2024

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration...
Critical | Unreviewed | CVE-2023-6930 was published Dec 20, 2023

A vulnerability has been identified in COMOS (All versions). The affected application lacks...
Critical | Unreviewed | CVE-2023-43505 was published Nov 14, 2023

A vulnerability has been identified in COMOS (All versions). The affected application lacks...
Critical | Unreviewed | CVE-2023-46601 was published Nov 14, 2023

SAP Business One installation - version 10.0, does not perform proper authentication and...
Critical | Unreviewed | CVE-2023-31403 was published Nov 14, 2023

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due...
Critical | Unreviewed | CVE-2023-46665 was published Oct 26, 2023

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when...
Critical | Unreviewed | CVE-2023-46664 was published Oct 26, 2023

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying...
Critical | Unreviewed | CVE-2023-46661 was published Oct 26, 2023

The cookie session ID is of insufficient length and can be exploited by brute force, which may...
Critical | Unreviewed | CVE-2023-42769 was published Oct 26, 2023

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325...
Critical | Unreviewed | CVE-2023-24479 was published Oct 11, 2023

A command execution vulnerability exists in the validate.so diag_ping_start functionality of...
Critical | Unreviewed | CVE-2023-32632 was published Oct 11, 2023
ProTip! Advisories are also available from the GraphQL API.