GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
220 advisories
Filter by severity
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows...
Critical
Unreviewed
CVE-2024-3379
was published
Nov 14, 2024
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control,...
Critical
Unreviewed
CVE-2023-31704
was published
Jul 13, 2023
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in...
Critical
Unreviewed
CVE-2024-42773
was published
Aug 22, 2024
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of...
Critical
Unreviewed
CVE-2024-48176
was published
Nov 6, 2024
An authentication issue was addressed with improved state management. This issue is fixed in...
Critical
Unreviewed
CVE-2024-23255
was published
Mar 8, 2024
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController...
Critical
Unreviewed
CVE-2024-48237
was published
Oct 26, 2024
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control....
Critical
Unreviewed
CVE-2024-41617
was published
Oct 25, 2024
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary...
Critical
Unreviewed
CVE-2017-9855
was published
May 13, 2022
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &...
Critical
Unreviewed
CVE-2024-31682
was published
Jun 3, 2024
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to...
Critical
Unreviewed
CVE-2024-28394
was published
Mar 20, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding...
Critical
Unreviewed
CVE-2024-48548
was published
Oct 24, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42966
was published
Aug 15, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0...
Critical
Unreviewed
CVE-2024-38002
was published
Oct 22, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An...
Critical
Unreviewed
CVE-2024-23629
was published
Jan 26, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48784
was published
Oct 11, 2024
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote...
Critical
Unreviewed
CVE-2024-48778
was published
Oct 11, 2024
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48786
was published
Oct 11, 2024
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48787
was published
Oct 11, 2024
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive...
Critical
Unreviewed
CVE-2024-48772
was published
Oct 11, 2024
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48769
was published
Oct 11, 2024
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers...
Critical
Unreviewed
CVE-2024-45160
was published
Oct 9, 2024
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect...
Critical
Unreviewed
CVE-2023-6036
was published
Feb 12, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical
Unreviewed
CVE-2023-5009
was published
Sep 19, 2023
ProTip!
Advisories are also available from the
GraphQL API