Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,394 advisories

Loading
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA... High Unreviewed
CVE-2024-41929 was published Sep 18, 2024
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication... High Unreviewed
CVE-2024-45113 was published Sep 13, 2024
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38225 was published Sep 10, 2024
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam... High Unreviewed
CVE-2024-40713 was published Sep 7, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default... High Unreviewed
CVE-2024-7346 was published Sep 3, 2024
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient... High Unreviewed
CVE-2024-7401 was published Aug 26, 2024
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker... High Unreviewed
CVE-2024-36444 was published Aug 22, 2024
Servision - CWE-287: Improper Authentication High Unreviewed
CVE-2024-42336 was published Aug 20, 2024
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product,... High Unreviewed
CVE-2024-6078 was published Aug 14, 2024
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote... High Unreviewed
CVE-2024-36132 was published Aug 7, 2024
RobotsAndPencils go-saml authentication bypass vulnerability High
CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow... High Unreviewed
CVE-2019-6198 was published Jul 31, 2024
A command injection vulnerability could allow an authenticated user to execute operating system... High Unreviewed
CVE-2022-4002 was published Jul 31, 2024
An authentication bypass vulnerability could allow an attacker to access API functions without... High Unreviewed
CVE-2022-4001 was published Jul 31, 2024
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow... High Unreviewed
CVE-2019-6197 was published Jul 31, 2024
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to... High Unreviewed
CVE-2024-6576 was published Jul 29, 2024
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi... High Unreviewed
CVE-2024-7050 was published Jul 26, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... High Unreviewed
CVE-2024-28992 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass... High Unreviewed
CVE-2024-23465 was published Jul 17, 2024
Securepoint UTM before 12.6.5 mishandles OTP codes. High Unreviewed
CVE-2024-39340 was published Jul 12, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using... High Unreviewed
CVE-2024-3826 was published Jul 2, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass... High Unreviewed
CVE-2024-34596 was published Jul 2, 2024
ProTip! Advisories are also available from the GraphQL API