GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
High
CVE-2024-51988
was published
for
rabbit_common
(Erlang)
Nov 6, 2024
Magento Open Source Improper Access Control vulnerability
High
CVE-2024-45118
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High
CVE-2024-6221
was published
for
Flask-Cors
(pip)
Aug 18, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct
High
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Mattermost allows unsolicited invites to expose access to local channels
High
CVE-2024-39777
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels
High
CVE-2024-36492
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
High
CVE-2024-39274
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
karmada vulnerable to arbitrary code execution via a crafted command
High
CVE-2024-33396
was published
for
github.com/karmada-io/karmada
(Go)
May 2, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High
CVE-2021-36775
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Access Restriction Bypass in go-ipfs
High
CVE-2020-10937
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 24, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High
CVE-2024-31503
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
High
CVE-2024-24824
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High
CVE-2024-23331
was published
for
vite
(npm)
Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
EverShop at risk to unauthorized access via weak HMAC secret
High
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
pyload Unauthenticated Flask Configuration Leakage vulnerability
High
CVE-2024-21644
was published
for
pyload-ng
(pip)
Jan 8, 2024
ProTip!
Advisories are also available from the
GraphQL API