GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
253 advisories
Improper Authentication vulnerability in Apache Solr
Critical | CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker...
Critical | Unreviewed | CVE-2024-48786 was published Oct 11, 2024

An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote...
Critical | Unreviewed | CVE-2024-48778 was published Oct 11, 2024

An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker...
Critical | Unreviewed | CVE-2024-48784 was published Oct 11, 2024

An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive...
Critical | Unreviewed | CVE-2024-48772 was published Oct 11, 2024

An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain...
Critical | Unreviewed | CVE-2024-48787 was published Oct 11, 2024

An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain...
Critical | Unreviewed | CVE-2024-48769 was published Oct 11, 2024

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers...
Critical | Unreviewed | CVE-2024-45160 was published Oct 9, 2024

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical | Unreviewed | CVE-2024-45519 was published Oct 3, 2024

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard...
Critical | Unreviewed | CVE-2024-6592 was published Sep 25, 2024

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On...
Critical | Unreviewed | CVE-2024-6593 was published Sep 25, 2024

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows...
Critical | Unreviewed | CVE-2024-8606 was published Sep 23, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical | Unreviewed | CVE-2024-46918 was published Sep 16, 2024

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical | Unreviewed | CVE-2024-45509 was published Sep 2, 2024

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability...
Critical | Unreviewed | CVE-2024-6202 was published Aug 6, 2024

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve...
Critical | Unreviewed | CVE-2024-6782 was published Aug 6, 2024

XWiki programming rights may be inherited by inclusion
Critical | CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not...
Critical | Unreviewed | CVE-2023-38389 was published Jun 21, 2024

Apache Submarine Server Core Incorrect Authorization vulnerability
Critical | CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024

lunary-ai/lunary allows users unauthorized access to projects
Critical | CVE-2024-4146 was published for lunary (npm) Jun 8, 2024

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical | Unreviewed | CVE-2024-3033 was published Jun 6, 2024

Grafana Fine-grained access control vulnerability
Critical | CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically...
Critical | Unreviewed | CVE-2024-1738 was published Apr 16, 2024

In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an...
Critical | Unreviewed | CVE-2024-1740 was published Apr 10, 2024

In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report...
Critical | Unreviewed | CVE-2024-25652 was published Mar 14, 2024

ProTip! Advisories are also available from the GraphQL API.