Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

45 advisories

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an... Critical Unreviewed
CVE-2024-36130 was published Aug 7, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3033 was published Jun 6, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter... Critical Unreviewed
CVE-2024-34257 was published May 8, 2024
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. Critical Unreviewed
CVE-2024-33749 was published May 6, 2024
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members... Critical Unreviewed
CVE-2024-1741 was published Apr 10, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
EisBaer Scada - CWE-285: Improper Authorization Critical Unreviewed
CVE-2023-42491 was published Oct 25, 2023
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS... Critical Unreviewed
CVE-2023-20186 was published Sep 27, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests Critical
CVE-2023-33189 was published for github.com/pomerium/pomerium (Go) May 26, 2023
nonsleepr
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS... Critical Unreviewed
CVE-2023-30467 was published Apr 28, 2023
Improper Authorization in modoboa Critical
CVE-2023-2227 was published for modoboa (pip) Apr 21, 2023
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication... Critical Unreviewed
CVE-2022-3748 was published Apr 14, 2023
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper... Critical Unreviewed
CVE-2023-1256 was published Mar 16, 2023
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact... Critical Unreviewed
CVE-2022-27583 was published Nov 1, 2022
Field-level access-control bypass for multiselect field Critical
CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022
marekryb
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and... Critical Unreviewed
CVE-2022-39862 was published Oct 7, 2022
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. Critical Unreviewed
CVE-2022-2595 was published Aug 2, 2022
Improper Authorization in Apache Shiro Critical
CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated... Critical Unreviewed
CVE-2021-42338 was published May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36029 was published May 24, 2022
Obsidian does not require user confirmation for non-http/https URLs. Critical
CVE-2021-38148 was published for obsidian (npm) May 24, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to... Critical Unreviewed
CVE-2021-32523 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API