Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
Harbor fails to validate the user permissions when updating tag retention policies High
CVE-2022-31670 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries High
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin High
CVE-2024-52551 was published for org.jenkinsci.plugins:pipeline-model-parent (Maven) Nov 13, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies High
CVE-2022-31668 was published for github.com/goharbor/harbor (Go) Nov 14, 2024
Harbor fails to validate the user permissions when viewing Webhook policies High
CVE-2022-31666 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
andrewpollock
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin High
CVE-2024-52550 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Nov 13, 2024
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
Kyverno's PolicyException objects can be created in any namespace by default High
CVE-2024-48921 was published for github.com/kyverno/kyverno (Go) Oct 29, 2024
jeidsath
Improper authorization on debug and artifact file downloads High
CVE-2023-36826 was published for sentry (pip) Jul 25, 2023
Swatinem
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2024-9235 was published Oct 25, 2024
Privileges are not fully verified server-side, which can be abused by a user with limited... High Unreviewed
CVE-2024-28029 was published Mar 22, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans High
CVE-2023-50780 was published for org.apache.activemq:artemis-cli (Maven) Oct 14, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user High
CVE-2024-47876 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 15, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Improper Authorization in Select Permissions High
GHSA-9722-9j67-vjcr was published for surrealdb (Rust) Oct 8, 2024
5hanth Xkonti
Windows Kerberos Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38129 was published Oct 8, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,... High Unreviewed
CVE-2024-20393 was published Oct 2, 2024
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7... High Unreviewed
CVE-2023-37491 was published Aug 8, 2023
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization... High Unreviewed
CVE-2024-7015 was published Sep 9, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions... High Unreviewed
CVE-2023-40683 was published Jan 19, 2024
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows... High Unreviewed
CVE-2024-43460 was published Sep 17, 2024
A vulnerability was found in subscription-manager that allows local privilege escalation due to... High Unreviewed
CVE-2023-3899 was published Aug 23, 2023
A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management... High Unreviewed
CVE-2024-20381 was published Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database