GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
248 advisories
Filter by severity
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2023-51644
was published
Nov 22, 2024
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows...
Critical
Unreviewed
CVE-2024-40117
was published
Jul 26, 2024
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox...
Critical
Unreviewed
CVE-2023-29121
was published
Nov 5, 2024
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability...
Critical
Unreviewed
CVE-2024-7474
was published
Oct 29, 2024
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary...
Critical
Unreviewed
CVE-2017-9855
was published
May 13, 2022
Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &...
Critical
Unreviewed
CVE-2024-31682
was published
Jun 3, 2024
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to...
Critical
Unreviewed
CVE-2024-7475
was published
Oct 29, 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
Critical
Unreviewed
CVE-2024-25735
was published
Mar 27, 2024
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without...
Critical
Unreviewed
CVE-2024-31815
was published
Apr 8, 2024
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the...
Critical
Unreviewed
CVE-2024-42966
was published
Aug 15, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3777
was published
Apr 15, 2024
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and...
Critical
Unreviewed
CVE-2016-3427
was published
May 13, 2022
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a...
Critical
Unreviewed
CVE-2023-26770
was published
Oct 4, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4...
Critical
Unreviewed
CVE-2024-42514
was published
Oct 1, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical
Unreviewed
CVE-2023-5009
was published
Sep 19, 2023
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical
Unreviewed
CVE-2023-1083
was published
Apr 9, 2024
SAP PowerDesigner - version 16.7, has improper access control which might allow an...
Critical
Unreviewed
CVE-2023-37483
was published
Aug 8, 2023
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2024-46627
was published
Sep 26, 2024
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9...
Critical
Unreviewed
CVE-2023-37759
was published
Sep 8, 2023
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in...
Critical
Unreviewed
CVE-2023-40039
was published
Sep 11, 2023
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in...
Critical
Unreviewed
CVE-2024-42797
was published
Sep 25, 2024
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access...
Critical
Unreviewed
CVE-2023-43141
was published
Sep 25, 2023
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical
Unreviewed
CVE-2024-45489
was published
Sep 20, 2024
ProTip!
Advisories are also available from the
GraphQL API