GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
786 advisories
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28007 was published Mar 28, 2024
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and...
Critical | Unreviewed | CVE-2023-31634 was published Mar 27, 2024
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A...
Critical | Unreviewed | CVE-2024-2873 was published Mar 26, 2024
This vulnerability allows remote attackers to reset the password of anonymous users without...
Critical | Unreviewed | CVE-2024-2862 was published Mar 25, 2024
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication...
Critical | Unreviewed | CVE-2024-1147 was published Mar 21, 2024
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication...
Critical | Unreviewed | CVE-2024-1148 was published Mar 21, 2024
CWE-287: Improper Authentication may allow Authentication Bypass
Critical | Unreviewed | CVE-2024-27767 was published Mar 18, 2024
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in...
Critical | Unreviewed | CVE-2024-0799 was published Mar 13, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating...
Critical | Unreviewed | CVE-2024-21899 was published Mar 8, 2024
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are...
Critical | Unreviewed | CVE-2023-42662 was published Mar 7, 2024
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware...
Critical | Unreviewed | CVE-2024-22245 was published Feb 20, 2024
Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication...
Critical | Unreviewed | CVE-2024-20738 was published Feb 15, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21410 was published Feb 13, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the...
Critical | Unreviewed | CVE-2024-24496 was published Feb 8, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature...
Critical | Unreviewed | CVE-2024-22394 was published Feb 8, 2024
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical | Unreviewed | CVE-2024-1039 was published Feb 2, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An...
Critical | Unreviewed | CVE-2024-23629 was published Jan 26, 2024
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation...
Critical | Unreviewed | CVE-2024-0822 was published Jan 25, 2024
The authentication mechanism can be bypassed by overflowing the value of the Cookie ...
Critical | Unreviewed | CVE-2023-49262 was published Jan 12, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication...
Critical | Unreviewed | CVE-2023-50919 was published Jan 12, 2024
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full...
Critical | Unreviewed | CVE-2023-51717 was published Jan 9, 2024
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value...
Critical | Unreviewed | CVE-2022-34267 was published Dec 25, 2023
There is broken access control during authentication in Jamf Pro Server before 10.46.1.
Critical | Unreviewed | CVE-2023-31224 was published Dec 25, 2023
The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due...
Critical | Unreviewed | CVE-2023-6483 was published Dec 22, 2023
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as...
Critical | Unreviewed | CVE-2023-6907 was published Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API.