GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,295 advisories
OpenStack Identity service (keystone) Incorrect Authorization
CVE-2017-2673 (High) was published for keystone (pip) on May 13, 2022
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
CVE-2013-0335 (High) was published for Nova (pip) on May 5, 2022
Jenkins item creation restriction bypass vulnerability
CVE-2024-47804 (Moderate) was published for org.jenkins-ci.main:jenkins-core (Maven) on Oct 2, 2024
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing...
CVE-2024-7915 (High, Unreviewed) was published on Nov 25, 2024
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager...
CVE-2024-11672 (Moderate, Unreviewed) was published on Nov 25, 2024
Incorrect authorization in the permission validation component of Devolutions Remote Desktop...
CVE-2024-11670 (Moderate, Unreviewed) was published on Nov 25, 2024
Nautobot missing object-level permissions enforcement when running Job Buttons
CVE-2023-51649 (Low) was published for nautobot (pip) on Dec 22, 2023
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
CVE-2022-31153 (Moderate) was published for openzeppelin-cairo-contracts (pip) on Jul 15, 2022
moodle: IDOR when fetching report schedules
CVE-2024-48901 (Moderate) was published for moodle/moodle (Composer) on Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
CVE-2024-48897 (Moderate) was published for moodle/moodle (Composer) on Nov 18, 2024
Permission control vulnerability in the package management module. Successful exploitation of this...
CVE-2023-52374 (High, Unreviewed) was published on Feb 18, 2024
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate...
CVE-2023-29381 (Critical, Unreviewed) was published on Jul 6, 2023
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
CVE-2022-31671 (Moderate) was published for github.com/goharbor/harbor (Go) on Sep 9, 2022
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component:...
CVE-2024-21287 (High, Unreviewed) was published on Nov 19, 2024
Harbor fails to validate the user permissions when updating a robot account
CVE-2022-31667 (Moderate) was published for github.com/goharbor/harbor (Go) on Sep 16, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
CVE-2022-31669 (Moderate) was published for github.com/goharbor/harbor (Go) on Sep 16, 2022
Harbor fails to validate the user permissions when updating tag retention policies
CVE-2022-31670 (High) was published for github.com/goharbor/harbor (Go) on Sep 16, 2022
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0406 (Moderate, Unreviewed) was published on Apr 4, 2022
Defining resource name as integer may give unintended access in vantage6
CVE-2023-28635 (Moderate) was published for vantage6 (pip) on Oct 13, 2023
Invalid root may become trusted root in The Update Framework (TUF)
CVE-2020-15163 (Moderate) was published for tuf (pip) on Sep 9, 2020
trytond Incorrect Authorization vulnerability
CVE-2012-2238 (High) was published for trytond (pip) on Apr 23, 2022
lunary-ai/lunary allows users unauthorized access to projects
CVE-2024-4146 (Critical) was published for lunary (npm) on Jun 8, 2024 (withdrawn)
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
CVE-2024-44076 (High) was published for io.github.microcks:microcks-app (Maven) on Aug 19, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
CVE-2024-42490 (Critical) was published for goauthentik.io (Go) on Aug 22, 2024
fabedge has insecure permissions
CVE-2024-36536 (Critical) was published for github.com/fabedge/fabedge (Go) on Jul 24, 2024