GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,394 advisories
Filter by severity
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Improper Authentication in Flask-AppBuilder
High
CVE-2021-41265
was published
for
Flask-AppBuilder
(pip)
Dec 9, 2021
Potential bypass of an upstream access control based on URL paths in Django
High
CVE-2021-44420
was published
for
Django
(pip)
Dec 9, 2021
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310...
High
Unreviewed
CVE-2023-42771
was published
Oct 3, 2023
There is a difficult to exploit improper authentication issue in the Home application for Esri...
High
Unreviewed
CVE-2024-25699
was published
Apr 4, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA...
High
Unreviewed
CVE-2024-41929
was published
Sep 18, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2023-21841
was published
Jan 18, 2023
Improper Authentication in django-mfa3
High
CVE-2022-24857
was published
for
django-mfa3
(pip)
Apr 22, 2022
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's...
High
Unreviewed
CVE-2021-45036
was published
Nov 28, 2022
HashiCorp Vault Authentication bypass
High
CVE-2020-16251
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
crate
(Maven)
Jan 30, 2024
botframework-connector vulnerable to Improper Authentication
High
GHSA-cqff-fx2x-p86v
was published
for
botframework-connector
(pip)
Mar 8, 2021
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication...
High
Unreviewed
CVE-2024-45113
was published
Sep 13, 2024
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Sensitive information disclosure and manipulation due to improper authentication. The following...
High
Unreviewed
CVE-2023-45246
was published
Oct 6, 2023
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-38225
was published
Sep 10, 2024
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam...
High
Unreviewed
CVE-2024-40713
was published
Sep 7, 2024
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an...
High
Unreviewed
CVE-2023-0036
was published
Jan 9, 2023
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has...
High
Unreviewed
CVE-2023-0035
was published
Jan 9, 2023
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be...
High
Unreviewed
CVE-2024-37408
was published
Jun 8, 2024
CKAN contains Improper Authentication leading to account takeover
High
CVE-2022-43685
was published
for
ckan
(pip)
Nov 22, 2022
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient...
High
Unreviewed
CVE-2024-7401
was published
Aug 26, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default...
High
Unreviewed
CVE-2024-7346
was published
Sep 3, 2024
ProTip!
Advisories are also available from the
GraphQL API