GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,336 advisories

According to the researcher: "The TLS connections are encrypted against tampering or...
Critical | Unreviewed | CVE-2024-44097 was published Oct 2, 2024

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in...
Critical | Unreviewed | CVE-2024-9265 was published Oct 1, 2024

An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the ...
High | Unreviewed | CVE-2024-28813 was published Sep 30, 2024

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows...
High | Unreviewed | CVE-2024-46549 was published Sep 30, 2024

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content...
High | Unreviewed | CVE-2024-22893 was published Sep 25, 2024

Apache Hadoop: Temporary File Local Information Disclosure
Low | CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to...
High | Unreviewed | CVE-2024-45373 was published Sep 25, 2024

An improper privilege management vulnerability allowed arbitrary workflows to be committed using...
Moderate | Unreviewed | CVE-2024-8263 was published Sep 23, 2024

Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain...
Moderate | Unreviewed | CVE-2024-44540 was published Sep 23, 2024

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2,...
Moderate | Unreviewed | CVE-2024-39342 was published Sep 23, 2024

A condition exists in FlashArray Purity whereby a malicious user could use a remote...
Critical | Unreviewed | CVE-2024-0003 was published Sep 23, 2024

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows...
Critical | Unreviewed | CVE-2024-34331 was published Sep 23, 2024

A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1...
High | Unreviewed | CVE-2024-41228 was published Sep 23, 2024

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical | Unreviewed | CVE-2024-8853 was published Sep 20, 2024

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure...
High | Unreviewed | CVE-2024-45752 was published Sep 19, 2024

ZITADEL's Service Users Deactivation not Working
High | CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024

ZITADEL's User Grant Deactivation not Working
High | CVE-2024-46999 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024

SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Low | CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024

OpenShift Controller Manager Improper Privilege Management
Critical | CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 18 and...
High | Unreviewed | CVE-2024-44147 was published Sep 17, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may...
High | Unreviewed | CVE-2024-40861 was published Sep 17, 2024

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music...
High | Unreviewed | CVE-2024-42798 was published Sep 16, 2024

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all...
High | Unreviewed | CVE-2024-6482 was published Sep 16, 2024

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for...
High | Unreviewed | CVE-2024-8246 was published Sep 16, 2024

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding...
High | Unreviewed | CVE-2024-39925 was published Sep 13, 2024

ProTip! Advisories are also available from the GraphQL API