GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
A vulnerability was found in Quay, which allows successful authentication even when a truncated...
Moderate
Unreviewed
CVE-2024-9683
was published
Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate
Unreviewed
CVE-2024-20463
was published
Oct 16, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs...
Moderate
Unreviewed
CVE-2024-5957
was published
Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain...
Moderate
Unreviewed
CVE-2024-5956
was published
Sep 5, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate
Unreviewed
CVE-2024-4784
was published
Aug 8, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient...
Moderate
Unreviewed
CVE-2024-37085
was published
Jun 25, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to...
Moderate
Unreviewed
CVE-2024-38433
was published
Jul 11, 2024
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously...
Moderate
Unreviewed
CVE-2023-27538
was published
Mar 30, 2023
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and...
Moderate
Unreviewed
CVE-2023-4939
was published
Oct 21, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn...
Moderate
Unreviewed
CVE-2023-4498
was published
Sep 6, 2023
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could...
Moderate
Unreviewed
CVE-2023-28126
was published
May 10, 2023
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID...
Moderate
Unreviewed
CVE-2022-40723
was published
Apr 25, 2023
Dapr API token authentication bypass in HTTP endpoints
Moderate
CVE-2023-37918
was published
for
github.com/dapr/dapr
(Go)
Jul 21, 2023
A flaw was found in Samba, all versions starting samba 4.5.0 until samba 4.9.15, samba 4.10.10,...
Moderate
Unreviewed
CVE-2019-14833
was published
May 24, 2022
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass...
Moderate
Unreviewed
CVE-2022-3100
was published
Jan 18, 2023
ProTip!
Advisories are also available from the
GraphQL API