Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

873 advisories

Loading
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is... Critical Unreviewed
CVE-2023-30603 was published Jul 6, 2023
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR... Critical Unreviewed
CVE-2023-3127 was published Jul 12, 2023
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows... Critical Unreviewed
CVE-2023-33274 was published Jul 12, 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,... Critical Unreviewed
CVE-2023-34124 was published Jul 13, 2023
SonicWall GMS and Analytics CAS Web Services application use static values for authentication... Critical Unreviewed
CVE-2023-34137 was published Jul 13, 2023
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web... Critical Unreviewed
CVE-2023-3638 was published Jul 19, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process Critical
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jul 20, 2023
atorralba sylwia-budzynska
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote... Critical Unreviewed
CVE-2023-35078 was published Jul 25, 2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an... Critical Unreviewed
CVE-2023-1935 was published Aug 3, 2023
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage... Critical Unreviewed
CVE-2023-20214 was published Aug 4, 2023
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default... Critical Unreviewed
CVE-2023-32090 was published Aug 7, 2023
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication)... Critical Unreviewed
CVE-2023-40260 was published Aug 11, 2023
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0,... Critical Unreviewed
CVE-2023-40253 was published Aug 11, 2023
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users... Critical Unreviewed
CVE-2023-35082 was published Aug 15, 2023
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. Critical Unreviewed
CVE-2023-39846 was published Aug 17, 2023
Inadequate validation of permissions when employing remote tools and macros within Devolutions... Critical Unreviewed
CVE-2023-4373 was published Aug 21, 2023
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation... Critical Unreviewed
CVE-2023-31242 was published Sep 5, 2023
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application... Critical Unreviewed
CVE-2023-20238 was published Sep 6, 2023
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to... Critical Unreviewed
CVE-2021-27715 was published Sep 8, 2023
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to... Critical Unreviewed
CVE-2023-39069 was published Sep 12, 2023
User authentication with username and password credentials is ineffective in OpenText (Micro... Critical Unreviewed
CVE-2023-4501 was published Sep 12, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in... Critical Unreviewed
CVE-2023-4669 was published Sep 14, 2023
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at... Critical Unreviewed
CVE-2023-0773 was published Sep 19, 2023
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN... Critical Unreviewed
CVE-2023-20252 was published Sep 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database