GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
177 advisories
Filter by severity
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Kyverno's PolicyException objects can be created in any namespace by default
High
CVE-2024-48921
was published
for
github.com/kyverno/kyverno
(Go)
Oct 29, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
High
CVE-2024-47876
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 15, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
High
CVE-2023-50780
was published
for
org.apache.activemq:artemis-cli
(Maven)
Oct 14, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45131
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Improper Authorization in Select Permissions
High
GHSA-9722-9j67-vjcr
was published
for
surrealdb
(Rust)
Oct 8, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Moderate
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
High
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate
CVE-2024-45233
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Flowise Authentication Bypass vulnerability
High
CVE-2024-8181
was published
for
flowise
(npm)
Aug 27, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Critical
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-39412
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
ProTip!
Advisories are also available from the
GraphQL API