Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,462
Erlang
33
GitHub Actions
22
Go
2,159
Maven
5,000+
npm
3,820
NuGet
696
pip
3,502
Pub
12
RubyGems
903
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

591 advisories

Loading
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low... Moderate Unreviewed
CVE-2024-20441 was published Oct 2, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,... High Unreviewed
CVE-2024-20393 was published Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed
CVE-2024-9297 was published Sep 28, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow... Moderate Unreviewed
CVE-2024-20414 was published Sep 25, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows... High Unreviewed
CVE-2024-43460 was published Sep 17, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries High
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an... Moderate Unreviewed
CVE-2024-6840 was published Sep 12, 2024
A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management... High Unreviewed
CVE-2024-20381 was published Sep 11, 2024
Microsoft Outlook for iOS Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-43482 was published Sep 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38231 was published Sep 10, 2024
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization... High Unreviewed
CVE-2024-7015 was published Sep 9, 2024
A vulnerability was found in Forklift Controller.  There is no verification against the... High Unreviewed
CVE-2024-8509 was published Sep 6, 2024
A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote... Moderate Unreviewed
CVE-2024-20497 was published Sep 4, 2024
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in... Moderate Unreviewed
CVE-2024-34463 was published Sep 3, 2024
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin... Moderate Unreviewed
CVE-2024-5053 was published Sep 1, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and... Moderate Unreviewed
CVE-2024-7851 was published Aug 16, 2024
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU... Moderate Unreviewed
CVE-2024-6347 was published Aug 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database