GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,911

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

228 advisories

Filter by severity

Sort by

Least recently updated

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed

CVE-2024-45519 was published Oct 3, 2024

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android... Critical Unreviewed

CVE-2023-4617 was published Dec 19, 2024

Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf... Critical Unreviewed

CVE-2024-54662 was published Dec 17, 2024

A permissions issue was addressed by removing vulnerable code and adding additional checks. This... Critical Unreviewed

CVE-2024-44217 was published Oct 29, 2024

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.... Critical Unreviewed

CVE-2024-11680 was published Nov 26, 2024

An authentication issue was addressed with improved state management. This issue is fixed in... Critical Unreviewed

CVE-2024-23255 was published Mar 8, 2024

Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value... Critical Unreviewed

CVE-2024-52732 was published Dec 2, 2024

A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS... Critical Unreviewed

CVE-2024-31695 was published Nov 15, 2024

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on... Critical Unreviewed

CVE-2023-31997 was published Jul 1, 2023

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate... Critical Unreviewed

CVE-2023-29381 was published Jul 6, 2023

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows... Critical Unreviewed

CVE-2024-3379 was published Nov 14, 2024

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control,... Critical Unreviewed

CVE-2023-31704 was published Jul 13, 2023

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in... Critical Unreviewed

CVE-2024-42773 was published Aug 22, 2024

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of... Critical Unreviewed

CVE-2024-48176 was published Nov 6, 2024

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController... Critical Unreviewed

CVE-2024-48237 was published Oct 26, 2024

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control.... Critical Unreviewed

CVE-2024-41617 was published Oct 25, 2024

** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed

CVE-2017-9855 was published May 13, 2022

Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost &... Critical Unreviewed

CVE-2024-31682 was published Jun 3, 2024

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to... Critical Unreviewed

CVE-2024-28394 was published Mar 20, 2024

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding... Critical Unreviewed

CVE-2024-48548 was published Oct 24, 2024

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the... Critical Unreviewed

CVE-2024-42966 was published Aug 15, 2024

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0... Critical Unreviewed

CVE-2024-38002 was published Oct 22, 2024

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed

CVE-2024-23629 was published Jan 26, 2024

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed

CVE-2024-3033 was published Jun 6, 2024

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker... Critical Unreviewed

CVE-2024-48786 was published Oct 11, 2024

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

228 advisories