Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

176 advisories

Loading
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed
CVE-2024-5655 was published Jun 27, 2024
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,... Critical Unreviewed
CVE-2024-5128 was published Jun 6, 2024
Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t... Critical Unreviewed
CVE-2024-5168 was published May 23, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated... Critical Unreviewed
CVE-2024-3777 was published Apr 15, 2024
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly... Critical Unreviewed
CVE-2024-29836 was published Apr 15, 2024
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL,... Critical Unreviewed
CVE-2024-3765 was published Apr 15, 2024
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-29990 was published Apr 9, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive... Critical Unreviewed
CVE-2023-1083 was published Apr 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The... Critical Unreviewed
CVE-2022-32257 was published Mar 12, 2024
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a... Critical Unreviewed
CVE-2024-21767 was published Mar 1, 2024
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-21376 was published Feb 13, 2024
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21401 was published Feb 13, 2024
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21364 was published Feb 13, 2024
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This... Critical Unreviewed
CVE-2024-0642 was published Jan 17, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16... Critical Unreviewed
CVE-2023-7028 was published Jan 12, 2024
EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration... Critical Unreviewed
CVE-2023-6930 was published Dec 20, 2023
A vulnerability has been identified in COMOS (All versions). The affected application lacks... Critical Unreviewed
CVE-2023-43505 was published Nov 14, 2023
A vulnerability has been identified in COMOS (All versions). The affected application lacks... Critical Unreviewed
CVE-2023-46601 was published Nov 14, 2023
SAP Business One installation - version 10.0, does not perform proper authentication and... Critical Unreviewed
CVE-2023-31403 was published Nov 14, 2023
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due... Critical Unreviewed
CVE-2023-46665 was published Oct 26, 2023
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when... Critical Unreviewed
CVE-2023-46664 was published Oct 26, 2023
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying... Critical Unreviewed
CVE-2023-46661 was published Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by brute force, which may... Critical Unreviewed
CVE-2023-42769 was published Oct 26, 2023
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325... Critical Unreviewed
CVE-2023-24479 was published Oct 11, 2023
A command execution vulnerability exists in the validate.so diag_ping_start functionality of... Critical Unreviewed
CVE-2023-32632 was published Oct 11, 2023
ProTip! Advisories are also available from the GraphQL API