Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,412
Erlang
33
GitHub Actions
22
Go
2,148
Maven
5,000+
npm
3,814
NuGet
689
pip
3,487
Pub
12
RubyGems
901
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

259 advisories

Loading
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. Critical Unreviewed
CVE-2024-37567 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. Critical Unreviewed
CVE-2024-37566 was published Feb 28, 2025
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access... Critical Unreviewed
CVE-2020-35546 was published Feb 19, 2025
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote... Critical Unreviewed
CVE-2024-57249 was published Feb 7, 2025
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-10124 was published Dec 12, 2024
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-51644 was published Nov 22, 2024
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox... Critical Unreviewed
CVE-2023-29121 was published Nov 5, 2024
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability... Critical Unreviewed
CVE-2024-7474 was published Oct 29, 2024
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to... Critical Unreviewed
CVE-2024-7475 was published Oct 29, 2024
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a... Critical Unreviewed
CVE-2023-26770 was published Oct 4, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4... Critical Unreviewed
CVE-2024-42514 was published Oct 1, 2024
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands... Critical Unreviewed
CVE-2024-46627 was published Sep 26, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in... Critical Unreviewed
CVE-2024-42797 was published Sep 25, 2024
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run... Critical Unreviewed
CVE-2024-45489 was published Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed
CVE-2024-46937 was published Sep 16, 2024
Azure Stack Hub Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-38220 was published Sep 10, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,... Critical Unreviewed
CVE-2024-8584 was published Sep 9, 2024
Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting... Critical Unreviewed
CVE-2024-45522 was published Sep 2, 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed
CVE-2024-45509 was published Sep 2, 2024
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an... Critical Unreviewed
CVE-2024-7954 was published Aug 23, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management... Critical Unreviewed
CVE-2024-40766 was published Aug 23, 2024
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in... Critical Unreviewed
CVE-2024-42775 was published Aug 22, 2024
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra... Critical Unreviewed
CVE-2024-38175 was published Aug 20, 2024
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via... Critical Unreviewed
CVE-2024-42919 was published Aug 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database