GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
757 advisories
Filter by severity
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed...
High
Unreviewed
CVE-2023-0971
was published
Jun 21, 2023
OpenStack Keystone Insufficient token expiration
High
CVE-2012-5563
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows...
High
Unreviewed
CVE-2024-7108
was published
Sep 26, 2024
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos...
High
Unreviewed
CVE-2024-2698
was published
Jun 12, 2024
Possible pod name collisions in jupyterhub-kubespawner
High
CVE-2020-15110
was published
for
jupyterhub-kubespawner
(pip)
Jul 22, 2020
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an...
High
Unreviewed
CVE-2023-47142
was published
Feb 2, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to...
High
Unreviewed
CVE-2024-8601
was published
Sep 9, 2024
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42...
High
Unreviewed
CVE-2022-1401
was published
Aug 18, 2022
A vulnerability was found in subscription-manager that allows local privilege escalation due to...
High
Unreviewed
CVE-2023-3899
was published
Aug 23, 2023
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
High
CVE-2021-40325
was published
for
cobbler
(pip)
Oct 5, 2021
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have...
High
Unreviewed
CVE-2024-31970
was published
Jul 24, 2024
This vulnerability exists due to improper access controls on APIs in the Authentication module of...
High
Unreviewed
CVE-2024-45586
was published
Sep 3, 2024
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to...
High
Unreviewed
CVE-2024-45587
was published
Sep 3, 2024
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to...
High
Unreviewed
CVE-2024-45588
was published
Sep 3, 2024
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while...
High
Unreviewed
CVE-2024-38868
was published
Aug 30, 2024
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to...
High
Unreviewed
CVE-2024-6323
was published
Jun 27, 2024
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy...
High
Unreviewed
CVE-2024-7265
was published
Aug 7, 2024
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy...
High
Unreviewed
CVE-2024-7266
was published
Aug 7, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
High
CVE-2024-39690
was published
for
github.com/projectcapsule/capsule
(Go)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API