Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

363 advisories

Loading
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an... High Unreviewed
CVE-2023-4857 was published Apr 15, 2024
Windows Update Stack Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-26235 was published Apr 9, 2024
A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in... High Unreviewed
CVE-2024-3281 was published Apr 9, 2024
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service... High Unreviewed
CVE-2023-51571 was published Apr 2, 2024
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before... High Unreviewed
CVE-2024-2450 was published Mar 15, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou comrumino
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful... High Unreviewed
CVE-2022-48621 was published Feb 18, 2024
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication... High Unreviewed
CVE-2023-40545 was published Feb 6, 2024
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote... High Unreviewed
CVE-2023-49115 was published Feb 2, 2024
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense... High Unreviewed
CVE-2023-6221 was published Feb 2, 2024
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation... High Unreviewed
CVE-2023-6942 was published Jan 30, 2024
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions)... High Unreviewed
CVE-2022-45794 was published Jan 11, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2023-40393 was published Jan 11, 2024
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect ... High Unreviewed
CVE-2023-5881 was published Jan 3, 2024
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an... High Unreviewed
CVE-2023-6595 was published Dec 14, 2023
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An... High Unreviewed
CVE-2023-32460 was published Dec 8, 2023
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3... High Unreviewed
CVE-2023-46381 was published Nov 5, 2023
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation... High Unreviewed
CVE-2022-43555 was published Nov 3, 2023
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation... High Unreviewed
CVE-2022-43554 was published Nov 3, 2023
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can... High Unreviewed
CVE-2023-46978 was published Oct 31, 2023
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura... High Unreviewed
CVE-2023-40401 was published Oct 25, 2023
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker... High Unreviewed
CVE-2023-45851 was published Oct 25, 2023
The Android Client application, when enrolled with the define method 1(the user manually inserts... High Unreviewed
CVE-2023-45220 was published Oct 25, 2023
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to... High Unreviewed
CVE-2023-41255 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database