Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

783 advisories

Loading
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A... Critical Unreviewed
CVE-2024-2873 was published Mar 26, 2024
This vulnerability allows remote attackers to reset the password of anonymous users without... Critical Unreviewed
CVE-2024-2862 was published Mar 25, 2024
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication... Critical Unreviewed
CVE-2024-1147 was published Mar 21, 2024
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication... Critical Unreviewed
CVE-2024-1148 was published Mar 21, 2024
CWE-287: Improper Authentication may allow Authentication Bypass Critical Unreviewed
CVE-2024-27767 was published Mar 18, 2024
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in... Critical Unreviewed
CVE-2024-0799 was published Mar 13, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating... Critical Unreviewed
CVE-2024-21899 was published Mar 8, 2024
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are... Critical Unreviewed
CVE-2023-42662 was published Mar 7, 2024
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware... Critical Unreviewed
CVE-2024-22245 was published Feb 20, 2024
Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication... Critical Unreviewed
CVE-2024-20738 was published Feb 15, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21410 was published Feb 13, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the... Critical Unreviewed
CVE-2024-24496 was published Feb 8, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature... Critical Unreviewed
CVE-2024-22394 was published Feb 8, 2024
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if... Critical Unreviewed
CVE-2024-1039 was published Feb 2, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation... Critical Unreviewed
CVE-2024-0822 was published Jan 25, 2024
The authentication mechanism can be bypassed by overflowing the value of the Cookie ... Critical Unreviewed
CVE-2023-49262 was published Jan 12, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication... Critical Unreviewed
CVE-2023-50919 was published Jan 12, 2024
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full... Critical Unreviewed
CVE-2023-51717 was published Jan 9, 2024
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value... Critical Unreviewed
CVE-2022-34267 was published Dec 25, 2023
There is broken access control during authentication in Jamf Pro Server before 10.46.1. Critical Unreviewed
CVE-2023-31224 was published Dec 25, 2023
The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due... Critical Unreviewed
CVE-2023-6483 was published Dec 22, 2023
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as... Critical Unreviewed
CVE-2023-6907 was published Dec 20, 2023
Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This... Critical Unreviewed
CVE-2023-6768 was published Dec 20, 2023
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with... Critical Unreviewed
CVE-2023-43742 was published Dec 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database