GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
267 advisories
Filter by severity
Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows...
Low
Unreviewed
CVE-2024-22139
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows...
Moderate
Unreviewed
CVE-2024-25595
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality...
Moderate
Unreviewed
CVE-2024-21746
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows...
Moderate
Unreviewed
CVE-2024-25906
was published
May 17, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a...
Moderate
Unreviewed
CVE-2024-34397
was published
May 7, 2024
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This...
Moderate
Unreviewed
CVE-2023-50224
was published
May 3, 2024
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This...
Moderate
Unreviewed
CVE-2023-44447
was published
May 3, 2024
Jenkins Script Security Plugin sandbox bypass vulnerability
High
CVE-2024-34145
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by...
High
Unreviewed
CVE-2024-33531
was published
Apr 24, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode
High
CVE-2024-27349
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a...
Moderate
Unreviewed
CVE-2024-3843
was published
Apr 17, 2024
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2024-31784
was published
Apr 16, 2024
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2024-23558
was published
Apr 15, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate
CVE-2024-31863
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748...
Moderate
Unreviewed
CVE-2024-30190
was published
Apr 9, 2024
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748...
High
Unreviewed
CVE-2024-30191
was published
Apr 9, 2024
A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions),...
Moderate
Unreviewed
CVE-2024-30189
was published
Apr 9, 2024
Ollama DNS rebinding vulnerability
High
CVE-2024-28224
was published
for
github.com/ollama/ollama
(Go)
Apr 8, 2024
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it...
Unknown
Unreviewed
CVE-2024-29006
was published
Apr 4, 2024
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code...
Moderate
Unreviewed
CVE-2024-31008
was published
Apr 3, 2024
in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification...
High
Unreviewed
CVE-2024-22092
was published
Apr 2, 2024
ProTip!
Advisories are also available from the
GraphQL API