GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,934
Maven
5,000+
npm
3,668
NuGet
642
pip
3,287
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39399
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39398
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39403
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39401
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39400
was published
Aug 13, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this...
Critical
Unreviewed
CVE-2023-39402
was published
Aug 13, 2023
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
Critical
Unreviewed
CVE-2024-33749
was published
May 6, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
Critical
Unreviewed
CVE-2024-36130
was published
Aug 7, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter...
Critical
Unreviewed
CVE-2024-34257
was published
May 8, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
Obsidian does not require user confirmation for non-http/https URLs.
Critical
CVE-2021-38148
was published
for
obsidian
(npm)
May 24, 2022
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members...
Critical
Unreviewed
CVE-2024-1741
was published
Apr 10, 2024
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30467
was published
Apr 28, 2023
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication...
Critical
Unreviewed
CVE-2022-3748
was published
Apr 14, 2023
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an...
Critical
Unreviewed
CVE-2019-13550
was published
May 24, 2022
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized...
Critical
Unreviewed
CVE-2018-14670
was published
May 24, 2022
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches...
Critical
Unreviewed
CVE-2019-1912
was published
May 24, 2022
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS...
Critical
Unreviewed
CVE-2023-20186
was published
Sep 27, 2023
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0993
was published
Apr 20, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21693
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API