GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
1,179 advisories
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the...
Moderate | Unreviewed | CVE-2024-39723 was published Jul 8, 2024

Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Moderate | Unreviewed | CVE-2024-38099 was published Jul 9, 2024

PocketBase performs password auth and OAuth2 unverified email linking
Moderate | CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024

Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers...
Moderate | Unreviewed | CVE-2024-20900 was published Jul 2, 2024

Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to...
Moderate | Unreviewed | CVE-2024-20890 was published Jul 2, 2024

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair...
Moderate | Unreviewed | CVE-2024-20889 was published Jul 2, 2024

Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate | Unreviewed | CVE-2024-1573 was published Jul 4, 2024

An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate | Unreviewed | CVE-2024-23251 was published Jun 10, 2024

An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header...
Moderate | Unreviewed | CVE-2024-34093 was published May 6, 2024

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A...
Moderate | Unreviewed | CVE-2024-22247 was published Apr 2, 2024

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Moderate | CVE-2022-23541 was published for jsonwebtoken (npm) Dec 22, 2022

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly...
Moderate | Unreviewed | CVE-2024-37233 was published Jun 24, 2024

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate | CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022

Firefly III has a MFA bypass in oauth flow
Moderate | CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024

Unauthenticated Access to sensitive settings in Argo CD
Moderate | CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024

Apache Submarine Commons Utils has a hard-coded secret
Moderate | CVE-2024-36264 was published for org.apache.submarine:submarine-commons-utils (Maven) Jun 12, 2024

Broken Authentication vulnerability in SoftLab Integrate Google Drive. This issue affects...
Moderate | Unreviewed | CVE-2024-35670 was published Jun 4, 2024

org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
Moderate | CVE-2018-11770 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018

Improper Authentication in CraftCMS two factor authentication plugin
Moderate | CVE-2024-5658 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024

Authentication Bypass in TYPO3 CMS
Moderate | GHSA-6xh8-8pfv-53vx was published for typo3/cms (Composer) Jun 5, 2024

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows...
Moderate | Unreviewed | CVE-2023-51511 was published Jun 4, 2024

Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing...
Moderate | Unreviewed | CVE-2023-47189 was published Jun 4, 2024

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing...
Moderate | Unreviewed | CVE-2023-48747 was published Jun 4, 2024

Symfony may allow a user to switch to using another user's identity
Moderate | GHSA-7mx2-7q8p-pgmw was published for symfony/symfony (Composer) May 30, 2024

silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate | GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) May 27, 2024
ProTip! Advisories are also available from the GraphQL API.