Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

554 advisories

Loading
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an... Moderate Unreviewed
CVE-2024-39418 was published Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an... Moderate Unreviewed
CVE-2024-39419 was published Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an... Moderate Unreviewed
CVE-2024-39405 was published Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an... Moderate Unreviewed
CVE-2024-39404 was published Aug 14, 2024
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a... Moderate Unreviewed
CVE-2024-6384 was published Aug 13, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified... Moderate Unreviewed
CVE-2024-7578 was published Aug 7, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an... Critical Unreviewed
CVE-2024-36130 was published Aug 7, 2024
Bostr Improper Authorization vulnerability Moderate
CVE-2024-41962 was published for bostr (npm) Aug 2, 2024
cxplay
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... High Unreviewed
CVE-2024-40814 was published Jul 30, 2024
The issue was addressed with improved restriction of data container access. This issue is fixed... High Unreviewed
CVE-2024-40783 was published Jul 30, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2024-21166 was published Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability High Unreviewed
CVE-2024-30061 was published Jul 9, 2024
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a... High Unreviewed
CVE-2024-39597 was published Jul 9, 2024
A command for refining a collection shard key is missing an authorization check. This may cause... Moderate Unreviewed
CVE-2024-6375 was published Jul 1, 2024
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do... Moderate Unreviewed
CVE-2023-35022 was published Jun 30, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11... Moderate Unreviewed
CVE-2024-3959 was published Jun 27, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0... High Unreviewed
CVE-2024-38329 was published Jun 19, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an... High Unreviewed
CVE-2024-25949 was published Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
TYPO3 Broken Access Control in Localization Handling Moderate
GHSA-772m-43f3-hmf8 was published for typo3/cms (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database