GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low
CVE-2024-49755
was published
for
Duende.IdentityServer
(NuGet)
Oct 28, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820,...
Low
Unreviewed
CVE-2023-50804
was published
Jun 5, 2024
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects...
Low
Unreviewed
CVE-2024-5044
was published
May 17, 2024
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This...
Low
Unreviewed
CVE-2024-3487
was published
May 15, 2024
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and...
Low
Unreviewed
CVE-2024-27835
was published
May 14, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
The Operating System hosting the FACSChorus application is configured to allow transmission of...
Low
Unreviewed
CVE-2023-29062
was published
Nov 28, 2023
Jetty's OpenId Revoked authentication allows one request
Low
CVE-2023-41900
was published
for
org.eclipse.jetty:jetty-openid
(Maven)
Sep 15, 2023
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to...
Low
Unreviewed
CVE-2023-30711
was published
Sep 6, 2023
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows...
Low
Unreviewed
CVE-2023-30724
was published
Sep 6, 2023
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical...
Low
Unreviewed
CVE-2023-32453
was published
Aug 16, 2023
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023...
Low
Unreviewed
CVE-2023-30700
was published
Aug 10, 2023
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest...
Low
Unreviewed
CVE-2023-20867
was published
Jun 13, 2023
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1...
Low
Unreviewed
CVE-2023-21487
was published
May 4, 2023
Denial of service due to unauthenticated API endpoint. The following products are affected:...
Low
Unreviewed
CVE-2022-45456
was published
Apr 26, 2023
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura...
Low
Unreviewed
CVE-2023-23493
was published
Feb 27, 2023
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies...
Low
Unreviewed
CVE-2022-43978
was published
Jan 28, 2023
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD...
Low
Unreviewed
CVE-2022-45430
was published
Dec 27, 2022
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote...
Low
Unreviewed
CVE-2022-45433
was published
Dec 27, 2022
parse-server auth adapter app ID validation can be circumvented
Low
CVE-2022-39231
was published
for
parse-server
(npm)
Sep 21, 2022
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical...
Low
Unreviewed
CVE-2022-33720
was published
Aug 6, 2022
ProTip!
Advisories are also available from the
GraphQL API