GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
255 advisories
Filter by severity
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This...
Moderate
Unreviewed
CVE-2024-10598
was published
Nov 1, 2024
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially...
Moderate
Unreviewed
CVE-2023-38135
was published
Oct 25, 2024
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress...
Moderate
Unreviewed
CVE-2024-9531
was published
Oct 24, 2024
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a...
Moderate
Unreviewed
CVE-2020-36841
was published
Oct 16, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45131
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Information disclosure while sending implicit broadcast containing APP launch information.
Moderate
Unreviewed
CVE-2024-38425
was published
Oct 7, 2024
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low...
Moderate
Unreviewed
CVE-2024-20441
was published
Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-9297
was published
Sep 28, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow...
Moderate
Unreviewed
CVE-2024-20414
was published
Sep 25, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2024-9082
was published
Sep 22, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Moderate
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an...
Moderate
Unreviewed
CVE-2024-6840
was published
Sep 12, 2024
Microsoft Outlook for iOS Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-43482
was published
Sep 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Moderate
Unreviewed
CVE-2024-38231
was published
Sep 10, 2024
A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote...
Moderate
Unreviewed
CVE-2024-20497
was published
Sep 4, 2024
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in...
Moderate
Unreviewed
CVE-2024-34463
was published
Sep 3, 2024
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin...
Moderate
Unreviewed
CVE-2024-5053
was published
Sep 1, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate
CVE-2024-45233
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and...
Moderate
Unreviewed
CVE-2024-7851
was published
Aug 16, 2024
ProTip!
Advisories are also available from the
GraphQL API