GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
495 advisories
Filter by severity
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39416
was published
Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39407
was published
Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39419
was published
Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39418
was published
Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39415
was published
Aug 14, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-39412
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39404
was published
Aug 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Moderate
Unreviewed
CVE-2024-39405
was published
Aug 14, 2024
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a...
Moderate
Unreviewed
CVE-2024-6384
was published
Aug 13, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified...
Moderate
Unreviewed
CVE-2024-7578
was published
Aug 7, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
Critical
Unreviewed
CVE-2024-36130
was published
Aug 7, 2024
Bostr Improper Authorization vulnerability
Moderate
CVE-2024-41962
was published
for
bostr
(npm)
Aug 2, 2024
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in...
High
Unreviewed
CVE-2024-40814
was published
Jul 30, 2024
The issue was addressed with improved restriction of data container access. This issue is fixed...
High
Unreviewed
CVE-2024-40783
was published
Jul 30, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported...
Moderate
Unreviewed
CVE-2024-21166
was published
Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-30061
was published
Jul 9, 2024
In SAP Commerce, a user can misuse the forgotten
password functionality to gain access to a...
High
Unreviewed
CVE-2024-39597
was published
Jul 9, 2024
A command for refining a collection shard key is missing an authorization check. This may cause...
Moderate
Unreviewed
CVE-2024-6375
was published
Jul 1, 2024
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do...
Moderate
Unreviewed
CVE-2023-35022
was published
Jun 30, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11...
Moderate
Unreviewed
CVE-2024-3959
was published
Jun 27, 2024
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0...
High
Unreviewed
CVE-2024-38329
was published
Jun 19, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-34104
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
ProTip!
Advisories are also available from the
GraphQL API