GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,136 advisories
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote...
Moderate · Unreviewed · CVE-2024-31402 was published Jun 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote...
Moderate · Unreviewed · CVE-2024-31403 was published Jun 11, 2024

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma...
High · Unreviewed · CVE-2024-27848 was published Jun 10, 2024

lunary-ai/lunary allows users unauthorized access to projects
Critical · CVE-2024-4146 was published for lunary (npm) Jun 8, 2024

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including...
High · Unreviewed · CVE-2024-5130 was published Jun 6, 2024

Evmos allows unvested token delegations
Moderate · CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical · Unreviewed · CVE-2024-3033 was published Jun 6, 2024

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to...
High · Unreviewed · CVE-2024-5324 was published Jun 6, 2024

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
Moderate · Unreviewed · CVE-2024-23669 was published Jun 5, 2024

TYPO3 Broken Access Control in Import Module
Moderate · GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024

Silverstripe SiteTree Creation Permission Vulnerability
High · GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024

Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a...
High · Unreviewed · CVE-2024-27312 was published May 20, 2024

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64...
High · Unreviewed · CVE-2024-3745 was published May 18, 2024

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter ...
Moderate · Unreviewed · CVE-2024-34434 was published May 17, 2024

Grafana account takeover via OAuth vulnerability
High · CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024

Grafana API IDOR
Moderate · CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024

Grafana Fine-grained access control vulnerability
Critical · CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024

Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High · CVE-2024-34346 was published for deno (Rust) May 8, 2024

Apache Superset Incorrect Authorization vulnerability
Moderate · CVE-2024-28148 was published for apache-superset (pip) May 7, 2024

Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation...
Moderate · Unreviewed · CVE-2023-42124 was published May 3, 2024

A vulnerability exists in the web-authentication component of the SDM600. If exploited an...
High · Unreviewed · CVE-2024-2378 was published Apr 30, 2024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16...
Moderate · Unreviewed · CVE-2024-4006 was published Apr 25, 2024

Incorrect Authorization vulnerability in Supsystic Data Tables Generator. This issue affects Data...
Moderate · Unreviewed · CVE-2023-25043 was published Apr 17, 2024

OpenFGA Authorization Bypass
High · CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024

MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low · CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024