GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,055 advisories
Moodle Bypass email verification secret when confirming account registration
Moderate: CVE-2021-20282 was published for moodle/moodle (Composer), May 24, 2022

Moodle Logged in users could view all calendar events
Moderate: CVE-2019-3848 was published for moodle/moodle (Composer), May 13, 2022

Incorrect Authorization in Dolibarr
High: CVE-2020-12669 was published for dolibarr/dolibarr (Composer), May 24, 2022

Argo CD's API server does not enforce project sourceNamespaces
Moderate: CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go), Apr 15, 2024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16...
Moderate (Unreviewed): CVE-2024-4006 was published Apr 25, 2024

EC-CUBE Improper access control in Management screen
Moderate: CVE-2021-20841 was published for ec-cube/ec-cube (Composer), Nov 25, 2021

Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High (Unreviewed): CVE-2021-20599 was published May 24, 2022

Duplicate Advisory: Unauthorized privilege escalation in Mod module
High: GHSA-q886-75m2-vff8 was published for red-discordbot (pip), May 24, 2022 (withdrawn)

trytond Incorrect Authorization vulnerability
High: CVE-2012-2238 was published for trytond (pip), Apr 23, 2022

A vulnerability exists in the web-authentication component of the SDM600. If exploited an...
High (Unreviewed): CVE-2024-2378 was published Apr 30, 2024

Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate: CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven), Mar 12, 2024

Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate: CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven), Apr 2, 2024

Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation...
Moderate (Unreviewed): CVE-2023-42124 was published May 3, 2024

Drupal editor module incorrectly checks access to inline private files
High: CVE-2017-6377 was published for drupal/core (Composer), May 13, 2022

Apache Superset Incorrect Authorization vulnerability
Moderate: CVE-2024-28148 was published for apache-superset (pip), May 7, 2024

Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High: CVE-2024-34346 was published for deno (Rust), May 8, 2024

OpenStack Identity service (keystone) Incorrect Authorization
High: CVE-2017-2673 was published for keystone (pip), May 13, 2022

openstack-barbican Denial of Service vulnerability
Moderate: CVE-2022-23452 was published for barbican (pip), Sep 2, 2022

Ant Media Server does not properly authorize non-administrative API calls
Moderate: CVE-2024-3462 was published for io.antmedia:ant-media-server (Maven), May 14, 2024

Grafana Fine-grained access control vulnerability
Critical: CVE-2021-41244 was published for github.com/grafana/grafana (Go), May 14, 2024

Grafana API IDOR
Moderate: CVE-2022-21713 was published for github.com/grafana/grafana (Go), May 14, 2024

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter ...
Moderate (Unreviewed): CVE-2024-34434 was published May 17, 2024

An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker...
High (Unreviewed): CVE-2021-40655 was published May 24, 2022

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64...
High (Unreviewed): CVE-2024-3745 was published May 18, 2024

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Critical (Unreviewed): CVE-2022-26501 was published Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API.