GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
186 advisories
CVE-2024-48911 (Moderate) was published for OpenCanary (pip) on Oct 14, 2024: OpenCanary Executes Commands From Potentially Writable Config File
CVE-2024-45131 (Moderate) was published for magento/community-edition (Composer) on Oct 10, 2024: Magento Open Source Improper Authorization vulnerability
CVE-2024-45128 (Moderate) was published for magento/community-edition (Composer) on Oct 10, 2024: Magento Open Source Improper Authorization vulnerability
CVE-2024-45125 (Moderate) was published for magento/community-edition (Composer) on Oct 10, 2024: Magento Open Source Incorrect Authorization vulnerability
CVE-2024-47804 (Moderate) was published for org.jenkins-ci.main:jenkins-core (Maven) on Oct 2, 2024: Jenkins item creation restriction bypass vulnerability
CVE-2024-45037 (Moderate) was published for aws-cdk (npm) on Aug 27, 2024: AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
CVE-2024-44076 (Moderate) was published for io.github.microcks:microcks-app (Maven) on Aug 19, 2024: Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
CVE-2024-40648 (Moderate) was published for matrix-sdk-crypto (Rust) on Jul 18, 2024: matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
CVE-2024-29885 (Moderate) was published for silverstripe/reports (Composer) on Jul 17, 2024: Silverstripe Reports are still accessible even when `canView()` returns false
CVE-2022-29946 (Moderate) was published for github.com/nats-io/nats-server (Go) on Jul 11, 2024: NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
CVE-2024-39905 (Moderate) was published for Red-DiscordBot (pip) on Jul 11, 2024: Red-DiscordBot vulnerable to Incorrect Authorization in commands API
CVE-2024-39322 (Moderate) was published for aimeos/ai-admin-jsonadm (Composer) on Jul 2, 2024: aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
CVE-2024-37897 (Moderate) was published for github.com/drakkan/sftpgo/v2 (Go) on Jun 20, 2024: SFTPGo has insufficient access control for password reset
CVE-2024-34106 (Moderate) was published for magento/community-edition (Composer) on Jun 13, 2024: Magento Open Source Incorrect Authorization vulnerability
CVE-2024-37154 (Moderate) was published for github.com/evmos/evmos/v10 (Go) on Jun 6, 2024: Evmos allows unvested token delegations
GHSA-g776-759r-pf6x (Moderate) was published for typo3/cms-core (Composer) on May 30, 2024: TYPO3 Broken Access Control in Import Module
CVE-2022-21713 (Moderate) was published for github.com/grafana/grafana (Go) on May 14, 2024: Grafana API IDOR
CVE-2024-28148 (Moderate) was published for apache-superset (pip) on May 7, 2024: Apache Superset Incorrect Authorization vulnerability
CVE-2024-31990 (Moderate) was published for github.com/argoproj/argo-cd/v2 (Go) on Apr 15, 2024: Argo CD's API server does not enforce project sourceNamespaces
CVE-2024-27309 (Moderate) was published for org.apache.kafka:kafka-metadata (Maven) on Apr 12, 2024: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
CVE-2024-29834 (Moderate) was published for org.apache.pulsar:pulsar-broker (Maven) on Apr 2, 2024: Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
CVE-2024-29892 (Moderate) was published for github.com/zitadel/zitadel (Go) on Mar 28, 2024: ZITADEL's actions can overload reserved claims
CVE-2024-23451 (Moderate) was published for org.elasticsearch:elasticsearch (Maven) on Mar 27, 2024: Elasticsearch Incorrect Authorization vulnerability
CVE-2024-23823 (Moderate) was published for vantage6 (pip) on Mar 15, 2024: vantage6's CORS settings overly permissive
CVE-2024-28098 (Moderate) was published for org.apache.pulsar:pulsar-broker (Maven) on Mar 12, 2024: Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Advisories are also available from the GraphQL API.
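The same rows can be pulled programmatically. The script below is an added example, not GitHub's own client or any code from the advisory database; it builds a `securityAdvisories` GraphQL query, fetches one page with a personal access token taken from an assumed `GITHUB_TOKEN` environment variable, and flattens each advisory into one row per affected package, filtering by severity and ecosystem on the client. The sample response at the bottom is constructed so the parsing runs offline: the identifiers, packages and summaries mirror rows from the listing above, while the `GHSA-xxxx-...` ids, version ranges and patched versions are placeholders rather than the advisories' real data.

```python
"""Flatten GitHub Advisory Database records fetched over the GraphQL API.

Added example, not GitHub's own tooling. The query uses the public
securityAdvisories connection; SAMPLE_RESPONSE is a constructed stand-in
for a live reply so the parsing below runs offline.
"""
import json
import os
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

# One page of advisories, newest first, with CVE/GHSA identifiers and the
# affected package per vulnerability entry.
QUERY = """
query($first: Int!, $after: String) {
  securityAdvisories(first: $first, after: $after,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      ghsaId
      summary
      severity
      publishedAt
      identifiers { type value }
      vulnerabilities(first: 10) {
        nodes {
          package { ecosystem name }
          vulnerableVersionRange
          firstPatchedVersion { identifier }
        }
      }
    }
  }
}
"""


def fetch_page(token, first=50, after=None):
    """POST the query with a personal access token (network call; unused offline)."""
    payload = json.dumps({"query": QUERY, "variables": {"first": first, "after": after}}).encode()
    req = urllib.request.Request(
        GRAPHQL_URL, data=payload, method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json",
                 "User-Agent": "advisory-flattener"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def flatten(response, severity=None, ecosystems=None):
    """One row per (advisory, affected package), filtered client side.

    severity   -- GraphQL enum such as "MODERATE"; None keeps every severity.
    ecosystems -- set of GraphQL enums such as {"PIP", "COMPOSER"}; None keeps all.
    """
    rows = []
    for adv in response["data"]["securityAdvisories"]["nodes"]:
        if severity and adv["severity"] != severity:
            continue
        # Prefer the CVE identifier; fall back to the GHSA id when no CVE was assigned.
        cve = next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None)
        for vuln in adv["vulnerabilities"]["nodes"]:
            pkg = vuln["package"]
            if ecosystems and pkg["ecosystem"] not in ecosystems:
                continue
            patched = (vuln.get("firstPatchedVersion") or {}).get("identifier")
            rows.append({
                "id": cve or adv["ghsaId"],
                "severity": adv["severity"],
                "package": pkg["name"],
                "ecosystem": pkg["ecosystem"],
                "range": vuln["vulnerableVersionRange"],
                "patched": patched,
                "published": adv["publishedAt"][:10],
                "summary": adv["summary"],
            })
    return rows


def format_row(row):
    """Render a row in the same shape as the listing above."""
    fix = f"fixed in {row['patched']}" if row["patched"] else "no patched version listed"
    return (f"{row['id']} ({row['severity'].title()}) was published for "
            f"{row['package']} ({row['ecosystem'].lower()}) on {row['published']}, "
            f"{row['range']}, {fix}: {row['summary']}")


# Constructed sample reply: GHSA-xxxx ids, version ranges and patched versions
# are placeholders, not the advisories' real data. The third node is a made-up
# HIGH entry that exists only to exercise the severity filter.
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"ghsaId": "GHSA-xxxx-xxxx-xxx1",
         "summary": "OpenCanary Executes Commands From Potentially Writable Config File",
         "severity": "MODERATE", "publishedAt": "2024-10-14T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-xxxx-xxxx-xxx1"},
                         {"type": "CVE", "value": "CVE-2024-48911"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "PIP", "name": "OpenCanary"},
              "vulnerableVersionRange": "< 9.9.9",
              "firstPatchedVersion": {"identifier": "9.9.9"}}]}},
        {"ghsaId": "GHSA-g776-759r-pf6x",
         "summary": "TYPO3 Broken Access Control in Import Module",
         "severity": "MODERATE", "publishedAt": "2024-05-30T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-g776-759r-pf6x"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "COMPOSER", "name": "typo3/cms-core"},
              "vulnerableVersionRange": "< 9.9.9",
              "firstPatchedVersion": None}]}},
        {"ghsaId": "GHSA-xxxx-xxxx-xxx3",
         "summary": "Constructed HIGH entry used only to exercise the filter",
         "severity": "HIGH", "publishedAt": "2024-01-01T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-xxxx-xxxx-xxx3"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "NPM", "name": "example-package"},
              "vulnerableVersionRange": "< 9.9.9",
              "firstPatchedVersion": {"identifier": "9.9.9"}}]}},
    ]}}}


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    data = fetch_page(token) if token else SAMPLE_RESPONSE
    for row in flatten(data, severity="MODERATE"):
        print(format_row(row))
```

Run it without a token to see the constructed sample flattened; with `GITHUB_TOKEN` set it fetches the newest page live. Filtering is done after the fetch because the rows are keyed per affected package, so one advisory covering several ecosystems yields several rows and the ecosystem filter has to be applied at that level; follow `pageInfo.endCursor` through `fetch_page(token, after=...)` to walk further back than the first page.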