Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

619 advisories

Loading
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities... Moderate Unreviewed
CVE-2023-6824 was published Jan 16, 2024
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue... Moderate Unreviewed
CVE-2024-10121 was published Oct 18, 2024
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for... Critical Unreviewed
CVE-2024-9263 was published Oct 17, 2024
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors... High Unreviewed
CVE-2024-9215 was published Oct 17, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary... Critical Unreviewed
CVE-2024-9862 was published Oct 17, 2024
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on... High Unreviewed
CVE-2024-47657 was published Oct 4, 2024
Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability... Moderate Unreviewed
CVE-2024-22455 was published Oct 16, 2024
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on... High Unreviewed
CVE-2024-8040 was published Oct 16, 2024
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference... Moderate Unreviewed
CVE-2023-7286 was published Oct 16, 2024
Sensitive information manipulation due to improper authorization. The following products are... Low Unreviewed
CVE-2024-49388 was published Oct 15, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions... High Unreviewed
CVE-2024-9687 was published Oct 15, 2024
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal... Moderate Unreviewed
CVE-2023-41356 was published Nov 3, 2023
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated... High Unreviewed
CVE-2024-47495 was published Oct 11, 2024
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to... Moderate Unreviewed
CVE-2023-49339 was published Feb 13, 2024
Improper authorization in the report management and creation module of BMC Control-M branches 9.0... Moderate Unreviewed
CVE-2024-1604 was published Mar 18, 2024
An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate... Moderate Unreviewed
CVE-2023-27576 was published Aug 18, 2023
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303... Moderate Unreviewed
CVE-2024-9554 was published Oct 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon... Moderate Unreviewed
CVE-2024-47316 was published Oct 5, 2024
The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve... Moderate Unreviewed
CVE-2024-0421 was published Feb 12, 2024
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting... High Unreviewed
CVE-2024-5131 was published Jun 6, 2024
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including... High Unreviewed
CVE-2024-5130 was published Jun 6, 2024
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series... Moderate Unreviewed
CVE-2024-20513 was published Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed
CVE-2024-9298 was published Sep 28, 2024
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database