Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

252 advisories

Loading
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2506 was published May 24, 2022
Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Critical Unreviewed
CVE-2019-11634 was published May 24, 2022
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An... Critical Unreviewed
CVE-2024-33898 was published Jun 25, 2024
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an... Critical Unreviewed
CVE-2021-22941 was published May 24, 2022
?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access... Critical Unreviewed
CVE-2023-30765 was published Jul 10, 2023
A privilege escalation allowing remote code execution was discovered in the orchestration service. Critical Unreviewed
CVE-2023-2530 was published Jun 7, 2023
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16... Critical Unreviewed
CVE-2023-7028 was published Jan 12, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-10124 was published Dec 12, 2024
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and... Critical Unreviewed
CVE-2023-31241 was published May 22, 2023
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2023-42945 was published Feb 21, 2024
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-51644 was published Nov 22, 2024
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows... Critical Unreviewed
CVE-2024-40117 was published Jul 26, 2024
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox... Critical Unreviewed
CVE-2023-29121 was published Nov 5, 2024
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability... Critical Unreviewed
CVE-2024-7474 was published Oct 29, 2024
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &... Critical Unreviewed
CVE-2024-31682 was published Jun 3, 2024
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed
CVE-2017-9855 was published May 13, 2022
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to... Critical Unreviewed
CVE-2024-7475 was published Oct 29, 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can... Critical Unreviewed
CVE-2024-25735 was published Mar 27, 2024
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without... Critical Unreviewed
CVE-2024-31815 was published Apr 8, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42966 was published Aug 15, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated... Critical Unreviewed
CVE-2024-3777 was published Apr 15, 2024
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and... Critical Unreviewed
CVE-2016-3427 was published May 13, 2022
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a... Critical Unreviewed
CVE-2023-26770 was published Oct 4, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4... Critical Unreviewed
CVE-2024-42514 was published Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database