GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,141
Erlang
30
GitHub Actions
19
Go
1,942
Maven
5,000+
npm
3,684
NuGet
650
pip
3,303
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,152 advisories
Filter by severity
Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3...
High
Unreviewed
CVE-2024-48544
was published
Oct 24, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding...
Critical
Unreviewed
CVE-2024-48548
was published
Oct 24, 2024
Incorrect access control in the firmware update and download processes of Yamaha Headphones...
High
Unreviewed
CVE-2024-48542
was published
Oct 24, 2024
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause...
Moderate
Unreviewed
CVE-2024-10295
was published
Oct 24, 2024
Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8...
High
Unreviewed
CVE-2024-48547
was published
Oct 24, 2024
Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows...
High
Unreviewed
CVE-2024-48545
was published
Oct 24, 2024
Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7...
High
Unreviewed
CVE-2024-48541
was published
Oct 24, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42966
was published
Aug 15, 2024
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows...
High
Unreviewed
CVE-2024-48546
was published
Oct 24, 2024
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ...
Moderate
Unreviewed
CVE-2024-20482
was published
Oct 23, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0...
Critical
Unreviewed
CVE-2024-38002
was published
Oct 22, 2024
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this...
Moderate
Unreviewed
CVE-2024-10173
was published
Oct 20, 2024
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with...
High
Unreviewed
CVE-2024-29821
was published
Oct 19, 2024
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with...
High
Unreviewed
CVE-2024-29213
was published
Oct 19, 2024
By holding a reference to the eval() function from an about:blank window, a malicious webpage...
Moderate
Unreviewed
CVE-2020-15664
was published
May 24, 2022
Plone's authenticated users able to alter their password despite of policy definition
Moderate
CVE-2013-4198
was published
for
Plone
(pip)
May 17, 2022
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Moderate
CVE-2024-24751
was published
for
derhansen/sf_event_mgt
(Composer)
Feb 13, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An...
Critical
Unreviewed
CVE-2024-23629
was published
Jan 26, 2024
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to...
Moderate
Unreviewed
CVE-2020-36289
was published
May 24, 2022
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may...
High
Unreviewed
CVE-2022-29871
was published
Aug 11, 2023
ProTip!
Advisories are also available from the
GraphQL API