Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,945 advisories

Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64... High Unreviewed
CVE-2024-3745 was published May 18, 2024
Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter ... Moderate Unreviewed
CVE-2024-34434 was published May 17, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
Ant Media Server does not properly authorize non-administrative API calls Moderate
CVE-2024-3462 was published for io.antmedia:ant-media-server (Maven) May 14, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag High
CVE-2024-34346 was published for deno (Rust) May 8, 2024
mmastrac
Apache Superset Incorrect Authorization vulnerability Moderate
CVE-2024-28148 was published for apache-superset (pip) May 7, 2024
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation... Moderate Unreviewed
CVE-2023-42124 was published May 3, 2024
A vulnerability exists in the web-authentication component of the SDM600. If exploited an... High Unreviewed
CVE-2024-2378 was published Apr 30, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16... Moderate Unreviewed
CVE-2024-4006 was published Apr 25, 2024
Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data... Moderate Unreviewed
CVE-2023-25043 was published Apr 17, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service Low
CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024
localden bgavrilMS
gladjohn pmaytak jmprieur christothes ntc-swiss-team
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically... Critical Unreviewed
CVE-2024-1738 was published Apr 16, 2024
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev pasha-codefresh
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Moderate
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an... Critical Unreviewed
CVE-2024-1740 was published Apr 10, 2024
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-1625 was published Apr 10, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
ZITADEL's actions can overload reserved claims Moderate
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn fforootd
adlerhurst livio-a
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could... Moderate Unreviewed
CVE-2024-31134 was published Mar 28, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
ProTip! Advisories are also available from the GraphQL API