GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
206 advisories
Filter by severity
An authenticated user with API access (e.g.: user with default User role), more specifically a...
High
Unreviewed
CVE-2024-36467
was published
Nov 27, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-10729
was published
Nov 26, 2024
A race condition flaw was found in sssd where the GPO policy is not consistently applied for...
High
Unreviewed
CVE-2023-3758
was published
Apr 18, 2024
Harbor fails to validate the user permissions when updating tag retention policies
High
CVE-2022-31670
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
High
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Harbor fails to validate the user permissions when viewing Webhook policies
High
CVE-2022-31666
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
Kyverno's PolicyException objects can be created in any namespace by default
High
CVE-2024-48921
was published
for
github.com/kyverno/kyverno
(Go)
Oct 29, 2024
Improper authorization on debug and artifact file downloads
High
CVE-2023-36826
was published
for
sentry
(pip)
Jul 25, 2023
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that...
High
Unreviewed
CVE-2024-9235
was published
Oct 25, 2024
Privileges are not fully verified server-side, which can be abused by a user with limited...
High
Unreviewed
CVE-2024-28029
was published
Mar 22, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
High
CVE-2023-50780
was published
for
org.apache.activemq:artemis-cli
(Maven)
Oct 14, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
High
CVE-2024-47876
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 15, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Improper Authorization in Select Permissions
High
GHSA-9722-9j67-vjcr
was published
for
surrealdb
(Rust)
Oct 8, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-38129
was published
Oct 8, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W,...
High
Unreviewed
CVE-2024-20393
was published
Oct 2, 2024
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7...
High
Unreviewed
CVE-2023-37491
was published
Aug 8, 2023
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization...
High
Unreviewed
CVE-2024-7015
was published
Sep 9, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions...
High
Unreviewed
CVE-2023-40683
was published
Jan 19, 2024
ProTip!
Advisories are also available from the
GraphQL API