GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
555 advisories
Filter by severity
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could...
Low
Unreviewed
CVE-2020-9081
was published
Dec 27, 2024
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password...
Moderate
Unreviewed
CVE-2024-11768
was published
Dec 19, 2024
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy
High
GHSA-7prj-hgx4-2xc3
was published
for
github.com/ryanbekhen/nanoproxy
(Go)
Dec 12, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
High
CVE-2024-55633
was published
for
apache-superset
(pip)
Dec 12, 2024
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This...
Moderate
Unreviewed
CVE-2024-12483
was published
Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
kcp's impersonation allows access to global administrative groups
Moderate
GHSA-c7xh-gjv4-4jgv
was published
for
github.com/kcp-dev/kcp
(Go)
Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization...
Moderate
Unreviewed
CVE-2024-43731
was published
Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization...
Moderate
Unreviewed
CVE-2024-43729
was published
Dec 11, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
An authenticated user with API access (e.g.: user with default User role), more specifically a...
High
Unreviewed
CVE-2024-36467
was published
Nov 27, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-10729
was published
Nov 26, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2020-3539
was published
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
Azure CycleCloud Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-43602
was published
Nov 12, 2024
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This...
Moderate
Unreviewed
CVE-2024-10598
was published
Nov 1, 2024
ProTip!
Advisories are also available from the
GraphQL API