GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Moderate
CVE-2022-31671
was published
for
github.com/goharbor/harbor
(Go)
Sep 9, 2022
Harbor fails to validate the user permissions when updating a robot account
Moderate
CVE-2022-31667
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
Moderate
CVE-2022-31669
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag retention policies
High
CVE-2022-31670
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
2FA bypass through deleting devices in wagtail-2fa
Moderate
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
•
withdrawn
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Moderate
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
High
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Critical
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Low
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Improper Authorization in cobbler
Moderate
CVE-2022-0860
was published
for
cobbler
(pip)
Mar 11, 2022
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Harbor fails to validate the user permissions when viewing Webhook policies
High
CVE-2022-31666
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
Kyverno's PolicyException objects can be created in any namespace by default
High
CVE-2024-48921
was published
for
github.com/kyverno/kyverno
(Go)
Oct 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
Improper authorization on debug and artifact file downloads
High
CVE-2023-36826
was published
for
sentry
(pip)
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API