GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
207 advisories
Filter by severity
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a
allows remote...
Critical
Unreviewed
CVE-2023-31424
was published
Aug 31, 2023
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from...
Moderate
Unreviewed
CVE-2022-1601
was published
Aug 30, 2023
The foundry campaigns service was found to be vulnerable to an unauthenticated information...
Moderate
Unreviewed
CVE-2023-30950
was published
Aug 4, 2023
AMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by...
High
Unreviewed
CVE-2023-34329
was published
Jul 18, 2023
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate...
High
Unreviewed
CVE-2022-32747
was published
Jul 6, 2023
Vulnerability of identity verification being bypassed in the Gallery module. Successful...
Critical
Unreviewed
CVE-2022-48513
was published
Jul 6, 2023
An authentication bypass issue via spoofing was discovered in the token-based authentication...
Critical
Unreviewed
CVE-2023-22814
was published
Jul 1, 2023
** UNSUPPPORTED WHEN ASSIGNED **
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an...
Critical
Unreviewed
CVE-2023-3243
was published
Jun 28, 2023
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For...
Critical
Unreviewed
CVE-2021-25827
was published
Jun 28, 2023
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this...
Moderate
Unreviewed
CVE-2023-34158
was published
Jun 19, 2023
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this...
Moderate
Unreviewed
CVE-2023-34167
was published
Jun 19, 2023
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this...
Moderate
Unreviewed
CVE-2023-34160
was published
Jun 19, 2023
There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this...
Moderate
Unreviewed
CVE-2022-48469
was published
Jun 16, 2023
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS...
Critical
Unreviewed
CVE-2023-2807
was published
Jun 13, 2023
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were...
High
Unreviewed
CVE-2022-36331
was published
Jun 12, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a...
High
Unreviewed
CVE-2023-32207
was published
Jun 2, 2023
A lack of in app notification for entering fullscreen mode could have lead to a malicious website...
High
Unreviewed
CVE-2023-25743
was published
Jun 2, 2023
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This...
Critical
Unreviewed
CVE-2023-2887
was published
May 25, 2023
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept...
High
Unreviewed
CVE-2022-47522
was published
Apr 15, 2023
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to...
Moderate
Unreviewed
CVE-2023-0816
was published
Mar 27, 2023
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to...
High
Unreviewed
CVE-2022-4550
was published
Feb 27, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2023-21794
was published
Feb 14, 2023
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series...
High
Unreviewed
CVE-2022-40269
was published
Feb 2, 2023
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP...
High
Unreviewed
CVE-2022-4303
was published
Jan 23, 2023
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from...
High
Unreviewed
CVE-2022-4746
was published
Jan 23, 2023
ProTip!
Advisories are also available from the
GraphQL API