GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,179 advisories
Filter by severity
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version...
Moderate
Unreviewed
CVE-2024-4601
was published
May 7, 2024
An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header...
Moderate
Unreviewed
CVE-2024-34093
was published
May 6, 2024
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a...
Moderate
Unreviewed
CVE-2024-30939
was published
Apr 25, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Moderate
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site...
Moderate
Unreviewed
CVE-2023-25790
was published
Apr 24, 2024
Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing...
Moderate
Unreviewed
CVE-2023-51405
was published
Apr 24, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart...
Moderate
Unreviewed
CVE-2023-25493
was published
Apr 5, 2024
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability.
A...
Moderate
Unreviewed
CVE-2024-22247
was published
Apr 2, 2024
REST service authentication anomaly with “valid username/no password” credential combination for...
Moderate
Unreviewed
CVE-2024-2244
was published
Mar 27, 2024
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue...
Moderate
Unreviewed
CVE-2022-44595
was published
Mar 21, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a...
Moderate
Unreviewed
CVE-2023-46172
was published
Mar 7, 2024
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an...
Moderate
Unreviewed
CVE-2024-20301
was published
Mar 6, 2024
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication...
Moderate
Unreviewed
CVE-2023-38372
was published
Feb 29, 2024
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office...
Moderate
Unreviewed
CVE-2024-22395
was published
Feb 24, 2024
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a...
Moderate
Unreviewed
CVE-2023-52160
was published
Feb 22, 2024
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure...
Moderate
Unreviewed
CVE-2024-24698
was published
Feb 14, 2024
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could...
Moderate
Unreviewed
CVE-2024-23806
was published
Feb 7, 2024
ProTip!
Advisories are also available from the
GraphQL API