GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
871 advisories
Filter by severity
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute...
Moderate
Unreviewed
CVE-2024-33393
was published
May 1, 2024
Calico privilege escalation vulnerability
Moderate
CVE-2024-33522
was published
for
github.com/projectcalico/calico
(Go)
Apr 30, 2024
By default, SANnav OVA is shipped with root user login enabled. While protected by a password,...
Moderate
Unreviewed
CVE-2024-2859
was published
Apr 27, 2024
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that...
Moderate
Unreviewed
CVE-2024-3470
was published
Apr 19, 2024
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an...
Moderate
Unreviewed
CVE-2024-3388
was published
Apr 10, 2024
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5...
Moderate
Unreviewed
CVE-2024-27247
was published
Apr 9, 2024
Improper privilege management in the installer for Zoom Desktop Client for Windows before version...
Moderate
Unreviewed
CVE-2024-24694
was published
Apr 9, 2024
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid...
Moderate
Unreviewed
CVE-2024-20282
was published
Apr 3, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management...
Moderate
Unreviewed
CVE-2024-25961
was published
Mar 28, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2024-26247
was published
Mar 23, 2024
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with...
Moderate
Unreviewed
CVE-2023-47715
was published
Mar 21, 2024
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that...
Moderate
Unreviewed
CVE-2024-1908
was published
Mar 21, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the...
Moderate
Unreviewed
CVE-2024-2431
was published
Mar 13, 2024
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an...
Moderate
Unreviewed
CVE-2024-2433
was published
Mar 13, 2024
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows...
Moderate
Unreviewed
CVE-2024-2432
was published
Mar 13, 2024
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could...
Moderate
Unreviewed
CVE-2024-20262
was published
Mar 13, 2024
In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds...
Moderate
Unreviewed
CVE-2024-25987
was published
Mar 11, 2024
In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of...
Moderate
Unreviewed
CVE-2024-25990
was published
Mar 11, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6...
Moderate
Unreviewed
CVE-2023-6477
was published
Feb 22, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2...
Moderate
Unreviewed
CVE-2024-1250
was published
Feb 12, 2024
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client...
Moderate
Unreviewed
CVE-2024-23764
was published
Feb 8, 2024
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user...
Moderate
Unreviewed
CVE-2024-22239
was published
Feb 6, 2024
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion...
Moderate
Unreviewed
CVE-2023-28049
was published
Feb 6, 2024
ProTip!
Advisories are also available from the
GraphQL API