GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
64 advisories
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security...
Critical, Unreviewed. CVE-2023-7103 was published Mar 5, 2024

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all...
Critical, Unreviewed. CVE-2024-1403 was published Feb 27, 2024

In telephony, there is a possible escalation of privilege due to a permissions bypass. This could...
High, Unreviewed. CVE-2024-20015 was published Feb 5, 2024

Windows Kerberos Security Feature Bypass Vulnerability
Critical, Unreviewed. CVE-2024-20674 was published Jan 9, 2024

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS...
High, Unreviewed. CVE-2023-6998 was published Dec 30, 2023

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and...
Moderate, Unreviewed. CVE-2023-4939 was published Oct 21, 2023

NATS.io: Adding accounts for just the system account adds auth bypass
High. CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) Oct 19, 2023

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior...
High, Unreviewed. CVE-2023-4898 was published Sep 12, 2023

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1,...
High, Unreviewed. CVE-2023-36497 was published Sep 11, 2023

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn...
Moderate, Unreviewed. CVE-2023-4498 was published Sep 6, 2023

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an...
Critical, Unreviewed. CVE-2023-1935 was published Aug 3, 2023

Dapr API token authentication bypass in HTTP endpoints
Moderate. CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS...
High, Unreviewed. CVE-2023-2959 was published Jul 17, 2023

SonicWall GMS and Analytics CAS Web Services application use static values for authentication...
Critical, Unreviewed. CVE-2023-34137 was published Jul 13, 2023

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,...
Critical, Unreviewed. CVE-2023-34124 was published Jul 13, 2023

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could...
Moderate, Unreviewed. CVE-2023-28126 was published May 10, 2023

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID...
Moderate, Unreviewed. CVE-2022-40723 was published Apr 25, 2023

Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router...
Critical, Unreviewed. CVE-2023-1833 was published Apr 14, 2023

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse...
High, Unreviewed. CVE-2023-27535 was published Mar 30, 2023

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature...
Critical, Unreviewed. CVE-2023-27536 was published Mar 30, 2023

An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously...
Moderate, Unreviewed. CVE-2023-27538 was published Mar 30, 2023

Froxlor is vulnerable to authentication bypass
Critical. CVE-2023-1307 was published for froxlor/froxlor (Composer) Mar 10, 2023

Authentication Bypass in modoboa
Critical. CVE-2023-0777 was published for modoboa (pip) Feb 10, 2023

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass...
Moderate, Unreviewed. CVE-2022-3100 was published Jan 18, 2023

golang-nanoauth authentication bypass vulnerability
Critical. CVE-2020-36569 was published for github.com/nanobox-io/golang-nanoauth (Go) Dec 28, 2022
ProTip! Advisories are also available from the GraphQL API