GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
879 advisories
Filter by severity
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier...
Critical
Unreviewed
CVE-2023-26573
was published
Oct 25, 2023
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main...
Critical
Unreviewed
CVE-2023-4562
was published
Oct 13, 2023
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325...
Critical
Unreviewed
CVE-2023-24479
was published
Oct 11, 2023
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN...
Critical
Unreviewed
CVE-2023-20252
was published
Sep 27, 2023
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at...
Critical
Unreviewed
CVE-2023-0773
was published
Sep 19, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in...
Critical
Unreviewed
CVE-2023-4669
was published
Sep 14, 2023
User authentication with username and password credentials is ineffective in OpenText (Micro...
Critical
Unreviewed
CVE-2023-4501
was published
Sep 12, 2023
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to...
Critical
Unreviewed
CVE-2023-39069
was published
Sep 12, 2023
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to...
Critical
Unreviewed
CVE-2021-27715
was published
Sep 8, 2023
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application...
Critical
Unreviewed
CVE-2023-20238
was published
Sep 6, 2023
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation...
Critical
Unreviewed
CVE-2023-31242
was published
Sep 5, 2023
Inadequate validation of permissions when employing remote tools and macros within Devolutions...
Critical
Unreviewed
CVE-2023-4373
was published
Aug 21, 2023
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.
Critical
Unreviewed
CVE-2023-39846
was published
Aug 17, 2023
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users...
Critical
Unreviewed
CVE-2023-35082
was published
Aug 15, 2023
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0,...
Critical
Unreviewed
CVE-2023-40253
was published
Aug 11, 2023
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication)...
Critical
Unreviewed
CVE-2023-40260
was published
Aug 11, 2023
Pega platform clients who are using versions 6.1 through 7.3.1 may be
utilizing default...
Critical
Unreviewed
CVE-2023-32090
was published
Aug 7, 2023
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage...
Critical
Unreviewed
CVE-2023-20214
was published
Aug 4, 2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an...
Critical
Unreviewed
CVE-2023-1935
was published
Aug 3, 2023
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote...
Critical
Unreviewed
CVE-2023-35078
was published
Jul 25, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web...
Critical
Unreviewed
CVE-2023-3638
was published
Jul 19, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
SonicWall GMS and Analytics CAS Web Services application use static values for authentication...
Critical
Unreviewed
CVE-2023-34137
was published
Jul 13, 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,...
Critical
Unreviewed
CVE-2023-34124
was published
Jul 13, 2023
ProTip!
Advisories are also available from the
GraphQL API