Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

251 advisories

Loading
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This... Moderate Unreviewed
CVE-2024-10598 was published Nov 1, 2024
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially... Moderate Unreviewed
CVE-2023-38135 was published Oct 25, 2024
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress... Moderate Unreviewed
CVE-2024-9531 was published Oct 24, 2024
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a... Moderate Unreviewed
CVE-2020-36841 was published Oct 16, 2024
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
Information disclosure while sending implicit broadcast containing APP launch information. Moderate Unreviewed
CVE-2024-38425 was published Oct 7, 2024
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low... Moderate Unreviewed
CVE-2024-20441 was published Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed
CVE-2024-9297 was published Sep 28, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow... Moderate Unreviewed
CVE-2024-20414 was published Sep 25, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an... Moderate Unreviewed
CVE-2024-6840 was published Sep 12, 2024
Microsoft Outlook for iOS Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-43482 was published Sep 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38231 was published Sep 10, 2024
A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote... Moderate Unreviewed
CVE-2024-20497 was published Sep 4, 2024
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in... Moderate Unreviewed
CVE-2024-34463 was published Sep 3, 2024
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin... Moderate Unreviewed
CVE-2024-5053 was published Sep 1, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and... Moderate Unreviewed
CVE-2024-7851 was published Aug 16, 2024
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU... Moderate Unreviewed
CVE-2024-6347 was published Aug 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database