GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Oqtane Framework Incorrect Access Control vulnerability
High
CVE-2024-55470
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested....
High
Unreviewed
CVE-2024-50380
was published
Dec 2, 2024
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them...
High
Unreviewed
CVE-2024-36466
was published
Nov 28, 2024
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of...
High
Unreviewed
CVE-2024-8935
was published
Nov 13, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This...
High
Unreviewed
CVE-2024-10465
was published
Oct 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This...
High
Unreviewed
CVE-2024-10462
was published
Oct 29, 2024
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing,...
High
Unreviewed
CVE-2024-49193
was published
Oct 12, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the...
High
Unreviewed
CVE-2024-44104
was published
Sep 10, 2024
Apache SeaTunnel Web Authentication vulnerability
High
CVE-2023-48396
was published
for
org.apache.seatunnel:seatunnel-web
(Maven)
Jul 30, 2024
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In...
High
Unreviewed
CVE-2024-41107
was published
Jul 19, 2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured...
High
Unreviewed
CVE-2023-40702
was published
Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA...
High
Unreviewed
CVE-2023-40356
was published
Jul 9, 2024
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can...
High
Unreviewed
CVE-2024-5037
was published
Jun 5, 2024
Grafana Escalation from admin to server admin when auth proxy is used
High
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
Jenkins Script Security Plugin sandbox bypass vulnerability
High
CVE-2024-34145
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by...
High
Unreviewed
CVE-2024-33531
was published
Apr 24, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode
High
CVE-2024-27349
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748...
High
Unreviewed
CVE-2024-30191
was published
Apr 9, 2024
Ollama DNS rebinding vulnerability
High
CVE-2024-28224
was published
for
github.com/ollama/ollama
(Go)
Apr 8, 2024
in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification...
High
Unreviewed
CVE-2024-22092
was published
Apr 2, 2024
Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS...
High
Unreviewed
CVE-2024-22457
was published
Mar 1, 2024
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
An inconsistent user interface issue was addressed with improved state management. This issue is...
High
Unreviewed
CVE-2023-42843
was published
Feb 21, 2024
When opening a website using the `firefox://` protocol handler, SameSite cookies were not...
High
Unreviewed
CVE-2024-1555
was published
Feb 20, 2024
ProTip!
Advisories are also available from the
GraphQL API