GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,179 advisories
Filter by severity
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated...
Moderate
Unreviewed
CVE-2023-49646
was published
Dec 14, 2023
Lunary Improper Authentication vulnerability
Moderate
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate
CVE-2024-8642
was published
for
org.eclipse.edc:transfer-data-plane
(Maven)
Sep 11, 2024
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation...
Moderate
Unreviewed
CVE-2023-43582
was published
Nov 15, 2023
An authentication issue was addressed with improved state management. This issue is fixed in iOS...
Moderate
Unreviewed
CVE-2024-44202
was published
Sep 17, 2024
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and...
Moderate
Unreviewed
CVE-2024-44127
was published
Sep 17, 2024
Django Middleware Enables Session Hijacking
Moderate
CVE-2014-0482
was published
for
Django
(pip)
May 14, 2022
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
Session key exposure through session list in Django User Sessions
Moderate
CVE-2020-5224
was published
for
django-user-sessions
(pip)
Jan 24, 2020
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is...
Moderate
Unreviewed
CVE-2023-40660
was published
Nov 6, 2023
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart...
Moderate
Unreviewed
CVE-2023-25493
was published
Apr 5, 2024
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Sensitive information disclosure and manipulation due to improper authentication. The following...
Moderate
Unreviewed
CVE-2023-44152
was published
Sep 27, 2023
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a...
Moderate
Unreviewed
CVE-2024-30939
was published
Apr 25, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs...
Moderate
Unreviewed
CVE-2024-5957
was published
Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain...
Moderate
Unreviewed
CVE-2024-5956
was published
Sep 5, 2024
An improper authentication vulnerability has been reported to affect Music Station. If exploited,...
Moderate
Unreviewed
CVE-2023-45038
was published
Sep 6, 2024
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The...
Moderate
Unreviewed
CVE-2024-44821
was published
Sep 4, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor...
Moderate
Unreviewed
CVE-2024-7745
was published
Aug 28, 2024
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for...
Moderate
Unreviewed
CVE-2024-7870
was published
Sep 4, 2024
Ansible password prompts could expose passwords
Moderate
CVE-2019-14856
was published
for
ansible
(pip)
May 24, 2022
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow...
Moderate
Unreviewed
CVE-2024-42164
was published
Aug 12, 2024
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows...
Moderate
Unreviewed
CVE-2022-4861
was published
Dec 30, 2022
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate
Unreviewed
CVE-2024-4784
was published
Aug 8, 2024
ProTip!
Advisories are also available from the
GraphQL API