GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
276 advisories
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-29990 was published Apr 9, 2024

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical | Unreviewed | CVE-2023-1083 was published Apr 9, 2024

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without...
Critical | Unreviewed | CVE-2024-31815 was published Apr 8, 2024

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface...
Critical | Unreviewed | CVE-2024-27602 was published Apr 2, 2024

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
Critical | Unreviewed | CVE-2024-25735 was published Mar 27, 2024

Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control...
Critical | Unreviewed | CVE-2024-29866 was published Mar 21, 2024

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1...
Critical | Unreviewed | CVE-2020-26942 was published Mar 21, 2024

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in...
Critical | Unreviewed | CVE-2021-47155 was published Mar 18, 2024

Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has...
Critical | Unreviewed | CVE-2022-47036 was published Mar 18, 2024

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a...
Critical | Unreviewed | CVE-2024-28390 was published Mar 14, 2024

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The...
Critical | Unreviewed | CVE-2022-32257 was published Mar 12, 2024

An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows...
Critical | Unreviewed | CVE-2023-51786 was published Mar 7, 2024

Incorrect access control in Book Store Management System v1 allows attackers to access...
Critical | Unreviewed | CVE-2023-49543 was published Mar 2, 2024

A remote attacker may be able to bypass access control of Commend WS203VICM by creating a...
Critical | Unreviewed | CVE-2024-21767 was published Mar 1, 2024

An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not...
Critical | Unreviewed | CVE-2023-49931 was published Feb 29, 2024

An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the...
Critical | Unreviewed | CVE-2022-34270 was published Feb 29, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Critical | Unreviewed | CVE-2023-42945 was published Feb 21, 2024

4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set...
Critical | Unreviewed | CVE-2024-24300 was published Feb 15, 2024

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-21376 was published Feb 13, 2024

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21401 was published Feb 13, 2024

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21364 was published Feb 13, 2024

An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the...
Critical | Unreviewed | CVE-2024-24496 was published Feb 8, 2024

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This...
Critical | Unreviewed | CVE-2024-0642 was published Jan 17, 2024

@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical | CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical | Unreviewed | CVE-2023-7028 was published Jan 12, 2024