Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission High
CVE-2024-51988 was published for rabbit_common (Erlang) Nov 6, 2024
bedla anhanhnguyen
michaelklishin
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
slixmpp Incorrect Access Control High
CVE-2019-1000021 was published for slixmpp (pip) May 13, 2022
Salt Improper Access Control High
CVE-2016-1866 was published for salt (pip) May 14, 2022
Plone unauthorized member addition vulnerability High
CVE-2015-7315 was published for Plone (pip) May 17, 2022
Plone Unauthorized Access Vulnerability High
CVE-2017-1000483 was published for Plone (pip) May 13, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms High
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022
Improper Access Control in pyftpdlib High
CVE-2009-5012 was published for pyftpdlib (pip) May 2, 2022
Magento Open Source Improper Access Control vulnerability High
CVE-2024-45118 was published for magento/community-edition (Composer) Oct 10, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
PowerJob incorrect access control vulnerability High
CVE-2023-36106 was published for tech.powerjob:powerjob (Maven) Aug 17, 2023
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
OctoPrint Incorrect Access Control High
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
OpenStack Keystone Allows Remote User Account Creation High
CVE-2012-3542 was published for keystone (pip) May 17, 2022
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
icarocd
Component takeover in Oracle Data Provider for .NET High
CVE-2023-21893 was published for Oracle.ManagedDataAccess (NuGet) Jan 18, 2023
georg-jung alexkeh
Borg Improper Access Control vulnerability High
CVE-2017-15914 was published for borgbackup (pip) May 13, 2022
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Mattermost allows unsolicited invites to expose access to local channels High
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database