Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

582 advisories

Loading
Kyverno's PolicyException objects can be created in any namespace by default High
CVE-2024-48921 was published for github.com/kyverno/kyverno (Go) Oct 29, 2024
jeidsath
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially... Moderate Unreviewed
CVE-2023-38135 was published Oct 25, 2024
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2024-9235 was published Oct 25, 2024
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress... Moderate Unreviewed
CVE-2024-9531 was published Oct 24, 2024
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a... Moderate Unreviewed
CVE-2020-36841 was published Oct 16, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user High
CVE-2024-47876 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 15, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans High
CVE-2023-50780 was published for org.apache.activemq:artemis-cli (Maven) Oct 14, 2024
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
Improper Authorization in Select Permissions High
GHSA-9722-9j67-vjcr was published for surrealdb (Rust) Oct 8, 2024
5hanth Xkonti
Windows Kerberos Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38129 was published Oct 8, 2024
Information disclosure while sending implicit broadcast containing APP launch information. Moderate Unreviewed
CVE-2024-38425 was published Oct 7, 2024
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low... Moderate Unreviewed
CVE-2024-20441 was published Oct 2, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,... High Unreviewed
CVE-2024-20393 was published Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed
CVE-2024-9297 was published Sep 28, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow... Moderate Unreviewed
CVE-2024-20414 was published Sep 25, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows... High Unreviewed
CVE-2024-43460 was published Sep 17, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries High
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database