GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Certain switch models from PLANET Technology have an SSH service that improperly handles...
High
Unreviewed
CVE-2024-8451
was published
Sep 30, 2024
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and...
Critical
Unreviewed
CVE-2024-7314
was published
Aug 2, 2024
Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm...
High
Unreviewed
CVE-2024-36451
was published
Jul 10, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower,...
High
Unreviewed
CVE-2024-6302
was published
Jun 25, 2024
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user...
Critical
Unreviewed
CVE-2024-5163
was published
Jun 17, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Moderate
CVE-2024-35228
was published
for
wagtail
(pip)
Jun 2, 2024
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Moderate
CVE-2024-36112
was published
for
nautobot
(pip)
May 29, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Low
Unreviewed
CVE-2024-29852
was published
May 23, 2024
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the...
Moderate
Unreviewed
CVE-2024-35301
was published
May 16, 2024
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in...
High
Unreviewed
CVE-2024-27837
was published
May 14, 2024
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the...
High
Unreviewed
CVE-2024-23704
was published
May 7, 2024
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Low
CVE-2024-32882
was published
for
wagtail
(pip)
May 1, 2024
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during...
High
Unreviewed
CVE-2024-32488
was published
Apr 15, 2024
Mautic Sensitive Data Exposure due to inadequate user permission settings
High
CVE-2022-25776
was published
for
mautic/core
(Composer)
Apr 12, 2024
Matrix IRC Bridge truncated content of messages can be leaked
Moderate
CVE-2024-32000
was published
for
matrix-appservice-irc
(npm)
Apr 11, 2024
Vulnerability of package name verification being bypassed in the HwIms module.
Impact: Successful...
High
Unreviewed
CVE-2023-52537
was published
Apr 8, 2024
Vulnerability of insufficient permission verification in the app management module.
Impact:...
High
Unreviewed
CVE-2024-30418
was published
Apr 7, 2024
there is a possible way to bypass due to a logic error in the code. This could lead to local...
High
Unreviewed
CVE-2024-29748
was published
Apr 5, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS...
High
Unreviewed
CVE-2023-42931
was published
Mar 28, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
High
Unreviewed
CVE-2024-22078
was published
Mar 20, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The...
Moderate
Unreviewed
CVE-2024-22077
was published
Mar 20, 2024
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors....
Moderate
Unreviewed
CVE-2024-0560
was published
Feb 28, 2024
In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission...
Critical
Unreviewed
CVE-2024-1608
was published
Feb 20, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
ProTip!
Advisories are also available from the
GraphQL API