Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

619 advisories

Loading
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic.... Moderate Unreviewed
CVE-2024-7438 was published Aug 3, 2024
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4.... Moderate Unreviewed
CVE-2024-7437 was published Aug 3, 2024
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects... Moderate Unreviewed
CVE-2024-38701 was published Jul 22, 2024
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a... Moderate Unreviewed
CVE-2024-34457 was published Jul 22, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures Moderate
CVE-2024-40430 was published for github.com/drakkan/sftpgo/v2 (Go) Jul 22, 2024 withdrawn
drakkan
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5977 was published Jul 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer... Critical Unreviewed
CVE-2024-5619 was published Jul 18, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources Moderate
CVE-2024-39900 was published for org.opensearch.plugin:opensearch-reports-scheduler (Maven) Jul 18, 2024
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the... Moderate Unreviewed
CVE-2024-38446 was published Jul 17, 2024
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request... High Unreviewed
CVE-2024-38447 was published Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Cache driver GetBlob() allows read access to any blob without access control check Moderate
CVE-2024-39897 was published for zotregistry.dev/zot (Go) Jul 9, 2024
bburky
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and... Moderate Unreviewed
CVE-2024-21759 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38055 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed
CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged... Critical Unreviewed
CVE-2023-38049 was published Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed
CVE-2023-3287 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to... Critical Unreviewed
CVE-2023-38053 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... Critical Unreviewed
CVE-2023-38051 was published Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged... Moderate Unreviewed
CVE-2023-3290 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38048 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38050 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database