GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,286
Erlang
31
GitHub Actions
21
Go
2,058
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
285 advisories
Filter by severity
The Electronic Official Document Management System from 2100 Technology has an Authentication...
Critical
Unreviewed
CVE-2024-13061
was published
Dec 31, 2024
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp...
Critical
Unreviewed
CVE-2024-12108
was published
Dec 31, 2024
An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is...
Critical
Unreviewed
CVE-2024-54450
was published
Dec 27, 2024
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing...
Moderate
Unreviewed
CVE-2024-55232
was published
Dec 19, 2024
Oqtane Framework Incorrect Access Control vulnerability
High
CVE-2024-55470
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may...
Moderate
Unreviewed
CVE-2023-34157
was published
Jun 16, 2023
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows...
Moderate
Unreviewed
CVE-2023-41133
was published
Dec 13, 2024
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a...
Moderate
Unreviewed
CVE-2023-27199
was published
Jul 5, 2023
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested....
High
Unreviewed
CVE-2024-50380
was published
Dec 2, 2024
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them...
High
Unreviewed
CVE-2024-36466
was published
Nov 28, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to...
Moderate
Unreviewed
CVE-2024-11692
was published
Nov 26, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation...
Moderate
Unreviewed
CVE-2024-11701
was published
Nov 26, 2024
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend...
Moderate
Unreviewed
CVE-2023-29147
was published
Jun 30, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS...
Moderate
Unreviewed
CVE-2023-42889
was published
Feb 21, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be...
Moderate
Unreviewed
CVE-2024-9391
was published
Oct 1, 2024
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to...
Moderate
Unreviewed
CVE-2024-36588
was published
Jun 13, 2024
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.
Moderate
Unreviewed
CVE-2024-39337
was published
Jun 24, 2024
2FA bypass in Wagtail through new device path
Moderate
CVE-2019-16766
was published
for
wagtail-2fa
(pip)
Nov 29, 2019
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...
Moderate
Unreviewed
CVE-2024-31802
was published
Jun 27, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
CoreDNS Cache Poisoning via a birthday attack
Moderate
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Grafana Escalation from admin to server admin when auth proxy is used
High
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API