GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Sentry improperly authorizes muting of alert rules
High
CVE-2024-45606
was published
for
sentry
(pip)
Sep 17, 2024
Sentry improperly authorizes deletion of user issue alert notifications
High
CVE-2024-45605
was published
for
sentry
(pip)
Sep 17, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High
CVE-2024-39321
was published
for
github.com/traefik/traefik/v2
(Go)
Jul 5, 2024
Grafana: Users outside an organization can delete a snapshot with its key
High
CVE-2024-1313
was published
for
github.com/grafana/grafana
(Go)
Apr 5, 2024
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
High
CVE-2024-29194
was published
for
@oneuptime/common-server
(npm)
Mar 25, 2024
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
High
CVE-2023-38201
was published
for
keylime
(pip)
Sep 6, 2023
Netmaker IDOR Allows User to Update Other User's Password
High
CVE-2023-32078
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
DataEase API interface has IDOR vulnerability
High
CVE-2023-32310
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jun 2, 2023
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4803
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
Authorization Bypass in parse-path
High
CVE-2022-0624
was published
for
parse-path
(npm)
Jun 29, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Magento 2 Community Edition Access Control Bypass
High
CVE-2019-7950
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
High
CVE-2019-7890
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
High
CVE-2019-7854
was published
for
magento/community-edition
(Composer)
May 24, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High
CVE-2021-41120
was published
for
sylius/paypal-plugin
(Composer)
Oct 6, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed
High
CVE-2018-1000210
was published
for
YamlDotNet
(NuGet)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API