GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,161
Erlang
30
GitHub Actions
19
Go
1,966
Maven
5,000+
npm
3,694
NuGet
653
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to...
High
Unreviewed
CVE-2023-43045
was published
Oct 23, 2023
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive...
High
Unreviewed
CVE-2023-46319
was published
Oct 23, 2023
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310...
High
Unreviewed
CVE-2023-42771
was published
Oct 3, 2023
kube-apiserver authentication bypass vulnerability
High
CVE-2023-1260
was published
for
github.com/openshift/apiserver-library-go
(Go)
Sep 24, 2023
The iBoot device’s basic discovery protocol assists in initial device configuration. The...
High
Unreviewed
CVE-2022-47320
was published
Jul 6, 2023
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to,...
High
Unreviewed
CVE-2023-2546
was published
Jun 6, 2023
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function...
High
Unreviewed
CVE-2022-47311
was published
May 23, 2023
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer...
High
Unreviewed
CVE-2023-31152
was published
May 10, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus...
High
Unreviewed
CVE-2022-47578
was published
Dec 20, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service...
High
Unreviewed
CVE-2022-2031
was published
Aug 26, 2022
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's...
High
Unreviewed
CVE-2021-35530
was published
Jun 8, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High
Unreviewed
CVE-2020-27865
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2020-27866
was published
May 24, 2022
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to...
High
Unreviewed
CVE-2019-13526
was published
May 24, 2022
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster...
High
Unreviewed
CVE-2018-10841
was published
May 13, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service...
High
Unreviewed
CVE-2022-22189
was published
Apr 15, 2022
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires...
High
Unreviewed
CVE-2021-33017
was published
Dec 28, 2021
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
ProTip!
Advisories are also available from the
GraphQL API