GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,055 advisories
Filter by severity
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate
Unreviewed
CVE-2024-34651
was published
Sep 4, 2024
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local...
Moderate
Unreviewed
CVE-2024-34650
was published
Sep 4, 2024
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to...
Moderate
Unreviewed
CVE-2024-34652
was published
Sep 4, 2024
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers...
Moderate
Unreviewed
CVE-2024-34642
was published
Sep 4, 2024
Incorrect Authorization in calibreweb
Moderate
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
Supplementary groups are not set up properly in github.com/containerd/containerd
Moderate
CVE-2023-25173
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to...
Low
Unreviewed
CVE-2024-44114
was published
Sep 10, 2024
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization...
Moderate
Unreviewed
CVE-2024-42423
was published
Sep 10, 2024
An access control vulnerability was discovered in the Reports section due to a specific access...
Moderate
Unreviewed
CVE-2024-4465
was published
Sep 11, 2024
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within...
Low
Unreviewed
CVE-2024-8011
was published
Aug 25, 2024
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a...
Moderate
Unreviewed
CVE-2024-8691
was published
Sep 11, 2024
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5...
Moderate
Unreviewed
CVE-2024-2743
was published
Sep 12, 2024
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
High
CVE-2021-40325
was published
for
cobbler
(pip)
Oct 5, 2021
A vulnerability was found in subscription-manager that allows local privilege escalation due to...
High
Unreviewed
CVE-2023-3899
was published
Aug 23, 2023
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password...
Critical
Unreviewed
CVE-2021-3833
was published
May 24, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x...
Critical
Unreviewed
CVE-2022-30311
was published
Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
Critical
Unreviewed
CVE-2022-30309
was published
Jun 14, 2022
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42...
High
Unreviewed
CVE-2022-1401
was published
Aug 18, 2022
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2024-5817
was published
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API