GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
OpenSearch Observability does not properly restrict access to private tenant resources
Low
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Low
CVE-2024-5798
was published
for
github.com/hashicorp/vault
(Go)
Jun 12, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
The Gotham video-application-server service contained a race condition which would cause it to...
Low
Unreviewed
CVE-2023-30954
was published
Nov 15, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following...
Low
Unreviewed
CVE-2023-44154
was published
Sep 27, 2023
An attacker with local access to the machine could record the traffic,
which could allow them...
Low
Unreviewed
CVE-2023-24476
was published
Jun 8, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to...
Low
Unreviewed
CVE-2022-4062
was published
Feb 1, 2023
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows...
Low
Unreviewed
CVE-2022-39879
was published
Nov 10, 2022
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows...
Low
Unreviewed
CVE-2022-36857
was published
Sep 10, 2022
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local...
Low
Unreviewed
CVE-2022-36852
was published
Sep 10, 2022
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical...
Low
Unreviewed
CVE-2022-36876
was published
Sep 10, 2022
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access...
Low
Unreviewed
CVE-2022-33705
was published
Jul 13, 2022
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain...
Low
Unreviewed
CVE-2022-30757
was published
Jul 13, 2022
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is...
Low
Unreviewed
CVE-2021-28626
was published
May 24, 2022
Magento 2 Community Edition vulnerable to Improper Authorization
Low
CVE-2020-24404
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento incorrect user permissions vulnerability within the Inventory component
Low
CVE-2020-24403
was published
for
magento/community-edition
(Composer)
May 24, 2022
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
Low
Unreviewed
CVE-2018-20927
was published
May 24, 2022
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to...
Low
Unreviewed
CVE-2022-22272
was published
Jan 11, 2022
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Authorization Bypass in graphql-shield
Low
GHSA-hx78-272p-mqqh
was published
for
graphql-shield
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API