GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
519 advisories
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below,...
Moderate
Unreviewed
CVE-2024-23665
was published
Jun 3, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23670
was published
Jun 3, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23667
was published
Jun 3, 2024
FOSUserBundle User Identity Validation Vulnerability
Moderate
GHSA-8wx3-8m4x-g5h4
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result...
Moderate
Unreviewed
CVE-2024-31409
was published
May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users
High
GHSA-p9mp-vq4v-v5m5
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-4819
was published
May 14, 2024
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service,...
High
Unreviewed
CVE-2024-23576
was published
May 14, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter...
Critical
Unreviewed
CVE-2024-34257
was published
May 8, 2024
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
Critical
Unreviewed
CVE-2024-33749
was published
May 6, 2024
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application...
Moderate
Unreviewed
CVE-2023-41819
was published
May 3, 2024
D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-44410
was published
May 3, 2024
D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-32168
was published
May 3, 2024
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute...
Moderate
Unreviewed
CVE-2024-32359
was published
May 2, 2024
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight...
High
Unreviewed
CVE-2023-47166
was published
May 1, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating...
High
Unreviewed
CVE-2023-50363
was published
Apr 26, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
A race condition flaw was found in sssd where the GPO policy is not consistently applied for...
High
Unreviewed
CVE-2023-3758
was published
Apr 18, 2024
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed...
Moderate
Unreviewed
CVE-2024-3840
was published
Apr 17, 2024
OpenFGA Authorization Bypass
High
CVE-2024-31452
was published
for
github.com/openfga/openfga
(Go)
Apr 16, 2024
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members...
Critical
Unreviewed
CVE-2024-1741
was published
Apr 10, 2024
Azure Migrate Remote Code Execution Vulnerability
Moderate
Unreviewed
CVE-2024-26193
was published
Apr 9, 2024
Permission verification vulnerability in the Settings module. Impact: Successful exploitation of...
High
Unreviewed
CVE-2023-52539
was published
Apr 8, 2024
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected...
Moderate
Unreviewed
CVE-2024-3434
was published
Apr 8, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024