GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,643
NuGet: 638
pip: 3,259
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
2,055 advisories
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16...
Moderate
Unreviewed
CVE-2024-1299 was published Mar 7, 2024
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage...
Moderate
Unreviewed
CVE-2024-28174 was published Mar 6, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933 was published for deno (Rust) Mar 6, 2024
1Panel open source panel project has an unauthorized vulnerability.
Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
Sulu grants access to pages regardless of role permissions
Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user...
Moderate
Unreviewed
CVE-2023-47716 was published Mar 1, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3...
Moderate
Unreviewed
CVE-2024-25604 was published Feb 20, 2024
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before...
Moderate
Unreviewed
CVE-2024-25149 was published Feb 20, 2024
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
High
Unreviewed
CVE-2024-1482 was published Feb 14, 2024
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role...
Moderate
Unreviewed
CVE-2024-24966 was published Feb 14, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
Mattermost Jira Plugin does not properly check security levels
Low
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0...
Low
Unreviewed
CVE-2024-20828 was published Feb 6, 2024
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up...
Moderate
Unreviewed
CVE-2023-6963 was published Feb 6, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating...
Moderate
Unreviewed
CVE-2023-32967 was published Feb 2, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an...
High
Unreviewed
CVE-2023-47142 was published Feb 2, 2024
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute...
High
Unreviewed
CVE-2024-22938 was published Jan 30, 2024
ProTip! Advisories are also available from the GraphQL API.