GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
A flaw was found in the skupper console, a read-only interface that renders cluster network,...
High
Unreviewed
CVE-2024-12582
was published
Dec 24, 2024
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all...
Critical
Unreviewed
CVE-2021-26102
was published
Dec 19, 2024
TShock Security Escalation Exploit
High
GHSA-hvm9-wc8j-mgrc
was published
for
TShock
(NuGet)
Dec 18, 2024
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an...
Critical
Unreviewed
CVE-2023-20154
was published
Nov 15, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical
CVE-2024-10082
was published
for
codechecker
(pip)
Nov 6, 2024
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless...
Critical
Unreviewed
CVE-2024-50478
was published
Oct 28, 2024
A vulnerability was found in Quay, which allows successful authentication even when a truncated...
Moderate
Unreviewed
CVE-2024-9683
was published
Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate
Unreviewed
CVE-2024-20463
was published
Oct 16, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain...
Moderate
Unreviewed
CVE-2024-5956
was published
Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs...
Moderate
Unreviewed
CVE-2024-5957
was published
Sep 5, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate
Unreviewed
CVE-2024-4784
was published
Aug 8, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege...
High
Unreviewed
CVE-2024-6637
was published
Jul 20, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to...
Moderate
Unreviewed
CVE-2024-38433
was published
Jul 11, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
The vulnerability allows attackers access to the root account without having to authenticate....
Critical
Unreviewed
CVE-2023-41920
was published
Jul 2, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient...
Moderate
Unreviewed
CVE-2024-37085
was published
Jun 25, 2024
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with...
High
Unreviewed
CVE-2023-4727
was published
Jun 11, 2024
MileSight DeviceHub -
CWE-305 Missing Authentication for Critical Function
Critical
Unreviewed
CVE-2024-36388
was published
Jun 2, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High
CVE-2024-34077
was published
for
mantisbt/mantisbt
(Composer)
May 13, 2024
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an...
High
Unreviewed
CVE-2024-20378
was published
May 1, 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical
Unreviewed
CVE-2024-3847
was published
Apr 17, 2024
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows...
Critical
Unreviewed
CVE-2023-6153
was published
Mar 27, 2024
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication...
Critical
Unreviewed
CVE-2024-1202
was published
Mar 21, 2024
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security...
Critical
Unreviewed
CVE-2023-7103
was published
Mar 5, 2024
ProTip!
Advisories are also available from the
GraphQL API