Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,141
Erlang
30
GitHub Actions
19
Go
1,942
Maven
5,000+
npm
3,684
NuGet
650
pip
3,303
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,152 advisories

Loading
Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3... High Unreviewed
CVE-2024-48544 was published Oct 24, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding... Critical Unreviewed
CVE-2024-48548 was published Oct 24, 2024
Incorrect access control in the firmware update and download processes of Yamaha Headphones... High Unreviewed
CVE-2024-48542 was published Oct 24, 2024
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause... Moderate Unreviewed
CVE-2024-10295 was published Oct 24, 2024
Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8... High Unreviewed
CVE-2024-48547 was published Oct 24, 2024
Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows... High Unreviewed
CVE-2024-48545 was published Oct 24, 2024
Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7... High Unreviewed
CVE-2024-48541 was published Oct 24, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed
CVE-2024-42966 was published Aug 15, 2024
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows... High Unreviewed
CVE-2024-48546 was published Oct 24, 2024
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... Moderate Unreviewed
CVE-2024-20482 was published Oct 23, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed
CVE-2024-45519 was published Oct 3, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API Low
CVE-2024-48925 was published for Umbraco.CMS (NuGet) Oct 22, 2024
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0... Critical Unreviewed
CVE-2024-38002 was published Oct 22, 2024
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2024-10173 was published Oct 20, 2024
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with... High Unreviewed
CVE-2024-29821 was published Oct 19, 2024
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with... High Unreviewed
CVE-2024-29213 was published Oct 19, 2024
By holding a reference to the eval() function from an about:blank window, a malicious webpage... Moderate Unreviewed
CVE-2020-15664 was published May 24, 2022
Plone's authenticated users able to alter their password despite of policy definition Moderate
CVE-2013-4198 was published for Plone (pip) May 17, 2022
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
OpenCanary Executes Commands From Potentially Writable Config File Moderate
CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024
0x0L0RD DavidBakerEffendi
AndreiDreyer
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3033 was published Jun 6, 2024
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to... Moderate Unreviewed
CVE-2020-36289 was published May 24, 2022
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may... High Unreviewed
CVE-2022-29871 was published Aug 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database