Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,394 advisories

Loading
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9... High Unreviewed
CVE-2024-4024 was published Apr 25, 2024
Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing... High Unreviewed
CVE-2023-47504 was published Apr 24, 2024
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing... High Unreviewed
CVE-2023-51471 was published Apr 24, 2024
phpMyAdmin Improper Authentication High
CVE-2018-12613 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
Moodle Improper Authentication High
CVE-2018-1082 was published for moodle/moodle (Composer) May 13, 2022
Saltstack Salt Unauthenticated Arbitrary Code Execution High
CVE-2021-25315 was published for salt (pip) May 24, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
Memory Corruption in Core due to secure memory access by user while loading modem image. High Unreviewed
CVE-2023-24852 was published Nov 14, 2023
Transient DOS due to improper authorization in Modem High Unreviewed
CVE-2022-40521 was published Jun 6, 2023
Improper Authentication in Jenkins High
CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request... High Unreviewed
CVE-2022-40536 was published Jun 6, 2023
Windows Kerberos Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-21427 was published Mar 12, 2024
Microsoft Authenticator Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-21390 was published Mar 12, 2024
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb... High Unreviewed
CVE-2023-27376 was published Oct 25, 2023
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise... High Unreviewed
CVE-2019-11488 was published May 24, 2022
Unraid 6.8.0 allows authentication bypass. High Unreviewed
CVE-2020-5849 was published May 24, 2022
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering... High Unreviewed
CVE-2016-10826 was published May 24, 2022
Improper authentication in the Intel(R) DCM software before version 5.1 may allow an... High Unreviewed
CVE-2022-44610 was published May 10, 2023
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication.... High Unreviewed
CVE-2023-32202 was published Aug 24, 2023
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse... High Unreviewed
CVE-2023-27535 was published Mar 30, 2023
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which... High Unreviewed
CVE-2022-22576 was published May 27, 2022
Improper Authentication in Pivotal Spring-LDAP High
CVE-2017-8028 was published for org.springframework.ldap:spring-ldap-core (Maven) May 13, 2022
guidobonomi
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1... High Unreviewed
CVE-2023-27257 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API