GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,184 advisories
Filter by severity
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,...
Moderate
Unreviewed
CVE-2024-10963
was published
Nov 7, 2024
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This...
Moderate
Unreviewed
CVE-2024-10620
was published
Nov 1, 2024
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this...
Moderate
Unreviewed
CVE-2024-10173
was published
Oct 20, 2024
In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message...
Moderate
Unreviewed
CVE-2024-47127
was published
Sep 26, 2024
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
CVE-2024-45042
was published
for
github.com/ory/kratos
(Go)
Sep 26, 2024
An authentication issue was addressed with improved state management. This issue is fixed in iOS...
Moderate
Unreviewed
CVE-2024-44202
was published
Sep 17, 2024
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and...
Moderate
Unreviewed
CVE-2024-44127
was published
Sep 17, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate
CVE-2024-8642
was published
for
org.eclipse.edc:transfer-data-plane
(Maven)
Sep 11, 2024
An improper authentication vulnerability has been reported to affect Music Station. If exploited,...
Moderate
Unreviewed
CVE-2023-45038
was published
Sep 6, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain...
Moderate
Unreviewed
CVE-2024-5956
was published
Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs...
Moderate
Unreviewed
CVE-2024-5957
was published
Sep 5, 2024
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The...
Moderate
Unreviewed
CVE-2024-44821
was published
Sep 4, 2024
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for...
Moderate
Unreviewed
CVE-2024-7870
was published
Sep 4, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor...
Moderate
Unreviewed
CVE-2024-7745
was published
Aug 28, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
Spring Security Missing Authorization vulnerability
Moderate
CVE-2024-38810
was published
for
org.springframework.security:spring-security-core
(Maven)
Aug 20, 2024
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical...
Moderate
Unreviewed
CVE-2024-31800
was published
Aug 15, 2024
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with...
Moderate
Unreviewed
CVE-2024-25157
was published
Aug 14, 2024
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been...
Moderate
Unreviewed
CVE-2024-37028
was published
Aug 14, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Moderate
Unreviewed
CVE-2024-35775
was published
Aug 13, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow...
Moderate
Unreviewed
CVE-2024-42164
was published
Aug 12, 2024
s2n-tls's mTLS API ordering may skip client authentication
Moderate
GHSA-857q-xmph-p2v5
was published
for
s2n-tls
(Rust)
Aug 9, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate
Unreviewed
CVE-2024-4784
was published
Aug 8, 2024
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a...
Moderate
Unreviewed
CVE-2024-34788
was published
Aug 7, 2024
ProTip!
Advisories are also available from the
GraphQL API