Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the... Moderate Unreviewed
CVE-2024-35301 was published May 16, 2024
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` Low
CVE-2024-32882 was published for wagtail (pip) May 1, 2024
jams2 Morsey187
RealOrangeOne laymonage
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
Matrix IRC Bridge truncated content of messages can be leaked Moderate
CVE-2024-32000 was published for matrix-appservice-irc (npm) Apr 11, 2024
progval
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors.... Moderate Unreviewed
CVE-2024-0560 was published Feb 28, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in... High Unreviewed
CVE-2023-25543 was published Feb 6, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability High
CVE-2023-6267 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Jan 25, 2024
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers... Moderate Unreviewed
CVE-2023-6189 was published Nov 22, 2023
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient... Moderate Unreviewed
CVE-2023-43087 was published Nov 2, 2023
Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker... Moderate Unreviewed
CVE-2023-32489 was published Aug 16, 2023
Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of... High Unreviewed
CVE-2023-2480 was published May 25, 2023
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 ... Moderate Unreviewed
CVE-2023-2020 was published Apr 18, 2023
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer... High Unreviewed
CVE-2023-0181 was published Apr 1, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
`cilium-cli` disables etcd authorization for clustermesh clusters Moderate
CVE-2023-28114 was published for github.com/cilium/cilium-cli (Go) Mar 21, 2023
giorio94
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges Moderate
CVE-2022-4863 was published for github.com/usememos/memos (Go) Dec 30, 2022
Apiman has insufficient checks for read permissions High
GHSA-54r5-wr8x-x5v3 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Dec 20, 2022
msavy
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022... Low Unreviewed
CVE-2022-39886 was published Nov 10, 2022
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to... Low Unreviewed
CVE-2022-39885 was published Nov 10, 2022
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows... Moderate Unreviewed
CVE-2020-8219 was published May 24, 2022
Missing permissions check in Jenkins Core Moderate
CVE-2016-3725 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to... High Unreviewed
CVE-2019-6570 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API