GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
0
620 advisories
Filter by severity
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic....
Moderate
Unreviewed
CVE-2024-7438
was published
Aug 3, 2024
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4....
Moderate
Unreviewed
CVE-2024-7437
was published
Aug 3, 2024
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()...
Moderate
Unreviewed
CVE-2024-41254
was published
Jul 31, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects...
Moderate
Unreviewed
CVE-2024-38701
was published
Jul 22, 2024
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a...
Moderate
Unreviewed
CVE-2024-34457
was published
Jul 22, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Moderate
CVE-2024-40430
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 22, 2024
•
withdrawn
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5977
was published
Jul 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer...
Critical
Unreviewed
CVE-2024-5619
was published
Jul 18, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Moderate
CVE-2024-39900
was published
for
org.opensearch.plugin:opensearch-reports-scheduler
(Maven)
Jul 18, 2024
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request...
High
Unreviewed
CVE-2024-38447
was published
Jul 17, 2024
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the...
Moderate
Unreviewed
CVE-2024-38446
was published
Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Low
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and...
Moderate
Unreviewed
CVE-2024-21759
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged...
Critical
Unreviewed
CVE-2023-38049
was published
Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High
Unreviewed
CVE-2023-3288
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38054
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical
Unreviewed
CVE-2023-38051
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical
Unreviewed
CVE-2023-38052
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High
Unreviewed
CVE-2023-38047
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38048
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38055
was published
Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged...
Moderate
Unreviewed
CVE-2023-3290
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38050
was published
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API