Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,239 advisories

Loading
Microsoft SQL Server Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-37341 was published Sep 10, 2024
Azure Stack Hub Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-38220 was published Sep 10, 2024
Loftware Spectrum through 4.6 has unprotected JMX Registry. High Unreviewed
CVE-2023-37234 was published Sep 10, 2024
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6... Moderate Unreviewed
CVE-2024-45323 was published Sep 10, 2024
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All... Moderate Unreviewed
CVE-2024-37993 was published Sep 10, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control... Moderate Unreviewed
CVE-2024-39580 was published Sep 10, 2024
In Baxter Connex health portal released before 8/30/2024, an improper access control... High Unreviewed
CVE-2024-6796 was published Sep 9, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,... Critical Unreviewed
CVE-2024-8584 was published Sep 9, 2024
An improper access control vulnerability allows an attacker with valid access tokens to access... High Unreviewed
CVE-2024-42021 was published Sep 7, 2024
An improper access control vulnerability allows low-privileged users to execute code with... High Unreviewed
CVE-2024-42023 was published Sep 7, 2024
An incorrect permission assignment vulnerability allows an attacker to modify product... High Unreviewed
CVE-2024-42022 was published Sep 7, 2024
A vulnerability has been identified in Node.js version 20, affecting users of the experimental... Moderate Unreviewed
CVE-2023-30582 was published Sep 7, 2024
fs.openAsBlob() can bypass the experimental permission model when using the file system read... High Unreviewed
CVE-2023-30583 was published Sep 7, 2024
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental... High Unreviewed
CVE-2023-30587 was published Sep 7, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or... High Unreviewed
CVE-2024-45170 was published Sep 4, 2024
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow... High Unreviewed
CVE-2023-49233 was published Sep 3, 2024
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting... Critical Unreviewed
CVE-2024-45522 was published Sep 2, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed
CVE-2024-45509 was published Sep 2, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an... Moderate Unreviewed
CVE-2024-44915 was published Aug 28, 2024
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an... Moderate Unreviewed
CVE-2024-44913 was published Aug 28, 2024
An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an... Moderate Unreviewed
CVE-2024-44914 was published Aug 28, 2024
A vulnerability in the restricted security domain implementation of Cisco Application Policy... Moderate Unreviewed
CVE-2024-20279 was published Aug 28, 2024
A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode... Moderate Unreviewed
CVE-2024-8216 was published Aug 27, 2024
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a... Moderate Unreviewed
CVE-2024-5814 was published Aug 27, 2024
ProTip! Advisories are also available from the GraphQL API