GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
244 advisories
Filter by severity
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3777
was published
Apr 15, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and...
Critical
Unreviewed
CVE-2016-3427
was published
May 13, 2022
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a...
Critical
Unreviewed
CVE-2023-26770
was published
Oct 4, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4...
Critical
Unreviewed
CVE-2024-42514
was published
Oct 1, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical
Unreviewed
CVE-2023-5009
was published
Sep 19, 2023
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical
Unreviewed
CVE-2023-1083
was published
Apr 9, 2024
SAP PowerDesigner - version 16.7, has improper access control which might allow an...
Critical
Unreviewed
CVE-2023-37483
was published
Aug 8, 2023
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2024-46627
was published
Sep 26, 2024
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9...
Critical
Unreviewed
CVE-2023-37759
was published
Sep 8, 2023
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in...
Critical
Unreviewed
CVE-2023-40039
was published
Sep 11, 2023
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in...
Critical
Unreviewed
CVE-2024-42797
was published
Sep 25, 2024
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access...
Critical
Unreviewed
CVE-2023-43141
was published
Sep 25, 2023
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical
Unreviewed
CVE-2024-45489
was published
Sep 20, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical
Unreviewed
CVE-2024-46937
was published
Sep 16, 2024
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or...
Critical
Unreviewed
CVE-2023-5365
was published
Oct 9, 2023
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this...
Critical
Unreviewed
CVE-2023-44118
was published
Oct 11, 2023
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical
Unreviewed
CVE-2023-43119
was published
Oct 16, 2023
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive...
Critical
Unreviewed
CVE-2024-39376
was published
Jun 27, 2024
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are...
Critical
Unreviewed
CVE-2023-41721
was published
Oct 25, 2023
Azure Stack Hub Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-38220
was published
Sep 10, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,...
Critical
Unreviewed
CVE-2024-8584
was published
Sep 9, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management...
Critical
Unreviewed
CVE-2024-40766
was published
Aug 23, 2024
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via...
Critical
Unreviewed
CVE-2024-42919
was published
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API