GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
RBAC Roles for `etcd` created by Kamaji are not disjunct
Critical
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
Mattermost allows unsolicited invites to expose access to local channels
Critical
CVE-2024-39777
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
Critical
CVE-2024-39274
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
EverShop at risk to unauthorized access via weak HMAC secret
Critical
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
Roundup xml-rpc server improper check of property permissions
Critical
CVE-2008-1475
was published
for
roundup
(pip)
May 1, 2022
rdiffweb Improper Access Control vulnerability
Critical
CVE-2022-4724
was published
for
rdiffweb
(pip)
Dec 27, 2022
Salt allows deleted minions to read or write to minions with the same id
Critical
CVE-2016-9639
was published
for
salt
(pip)
May 17, 2022
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Improper Access Control in Apache Shiro
Critical
CVE-2016-4437
was published
for
org.apache.shiro:shiro-core
(Maven)
May 14, 2022
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability
Critical
CVE-2019-12468
was published
for
mediawiki/core
(Composer)
May 24, 2022
Improper Access Control in Gitea
Critical
CVE-2020-28991
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Symfony Incorrect Access Control
Critical
CVE-2017-11365
was published
for
symfony/security
(Composer)
May 24, 2022
Drupal Improper Access Control
Critical
CVE-2019-6342
was published
for
drupal/core
(Composer)
Jan 11, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Improper Access Control in SLF4J
Critical
CVE-2018-8088
was published
for
org.slf4j:slf4j-ext
(Maven)
May 13, 2022
Puppet Improper Access Control
Critical
CVE-2016-2785
was published
for
puppet
(RubyGems)
May 13, 2022
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Critical
CVE-2023-40573
was published
for
com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
(Maven)
Aug 23, 2023
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Critical
CVE-2023-4696
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
Apache Ambari Improper Access Control
Critical
CVE-2016-6807
was published
for
org.apache.ambari:ambari
(Maven)
May 17, 2022
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
Access control bypass in beego
Critical
CVE-2022-31259
was published
for
github.com/beego/beego
(Go)
May 22, 2022
ProTip!
Advisories are also available from the
GraphQL API