GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Authenticated Privilege Escalation
Low
GHSA-5q58-x5h2-v5rx
was published
for
shopware/core
(Composer)
Dec 21, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Byobu user preference to prevent private discussions being started are not respected
Low
CVE-2022-35921
was published
for
fof/byobu
(Composer)
Aug 6, 2022
Insufficient user authorization in Moodle
Low
CVE-2022-0333
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Low
CVE-2023-3485
was published
for
go.temporal.io/server
(Go)
Jun 30, 2023
Mattermost Incorrect Authorization vulnerability
Low
CVE-2023-5159
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
Mattermost Incorrect Authorization vulnerability
Low
CVE-2023-5193
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
kiwi TCMS has possibility for user to update email address to unverified one
Low
CVE-2023-30544
was published
for
kiwitcms
(pip)
Apr 24, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Incorrect Authorization in Jenkins Core
Low
CVE-2023-27903
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
Backoffice User can bypass "Publish" restriction
Low
CVE-2023-48227
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low
CVE-2024-27086
was published
for
Microsoft.Identity.Client
(NuGet)
Apr 16, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Low
CVE-2024-39324
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Mattermost Jira Plugin does not properly check security levels
Low
CVE-2024-24774
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Moodle's user/power level management inconsistent with suspended users
Low
CVE-2024-43433
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
ProTip!
Advisories are also available from the
GraphQL API