GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,305 advisories
Oqtane Framework Insecure Direct Object Reference vulnerability
Severity: Low. CVE-2024-55186 was published for Oqtane.Client (NuGet) Dec 20, 2024
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
Severity: Moderate. Unreviewed. CVE-2024-56350 was published Dec 20, 2024
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of...
Severity: Moderate. Unreviewed. CVE-2024-56348 was published Dec 20, 2024
Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This...
Severity: Moderate. Unreviewed. CVE-2024-12831 was published Dec 20, 2024
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android...
Severity: Critical. Unreviewed. CVE-2023-4617 was published Dec 19, 2024
TShock Security Escalation Exploit
Severity: High. GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024
Elasticsearch Incorrect Authorization vulnerability
Severity: Moderate. CVE-2024-12539 was published for org.elasticsearch:elasticsearch (Maven) Dec 17, 2024
Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf...
Severity: Critical. Unreviewed. CVE-2024-54662 was published Dec 17, 2024
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in...
Severity: Low. Unreviewed. CVE-2024-9654 was published Dec 17, 2024
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a...
Severity: High. Unreviewed. CVE-2024-37775 was published Dec 17, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5...
Severity: Moderate. Unreviewed. CVE-2024-8116 was published Dec 16, 2024
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5...
Severity: Moderate. Unreviewed. CVE-2024-8650 was published Dec 16, 2024
XWiki allows remote code execution through the extension sheet
Severity: Critical. CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6...
Severity: Low. Unreviewed. CVE-2024-10043 was published Dec 12, 2024
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15...
Severity: Moderate. Unreviewed. CVE-2024-54495 was published Dec 12, 2024
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An...
Severity: High. Unreviewed. CVE-2024-55579 was published Dec 9, 2024
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate...
Severity: Moderate. Unreviewed. CVE-2024-12247 was published Dec 5, 2024
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier...
Severity: Moderate. Unreviewed. CVE-2024-12196 was published Dec 4, 2024
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and...
Severity: Moderate. Unreviewed. CVE-2024-12148 was published Dec 4, 2024
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance...
Severity: Moderate. Unreviewed. CVE-2023-52943 was published Dec 4, 2024
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance...
Severity: Moderate. Unreviewed. CVE-2023-52944 was published Dec 4, 2024
A vulnerability exists where a low-privileged user can exploit insufficient permissions in...
Severity: High. Unreviewed. CVE-2024-45204 was published Dec 4, 2024
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent...
Severity: High. Unreviewed. CVE-2024-42452 was published Dec 4, 2024
Apache Ozone: Improper authentication when generating S3 secrets
Severity: High. CVE-2024-45106 was published for org.apache.ozone:ozone (Maven) Dec 3, 2024
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware...
Severity: High. Unreviewed. CVE-2024-53937 was published Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API.