GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,435 advisories
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow an...
High | Unreviewed | CVE-2022-41738 was published Feb 17, 2024

CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of...
High | Unreviewed | CVE-2024-0568 was published Feb 14, 2024

A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of...
High | Unreviewed | CVE-2024-23813 was published Feb 13, 2024

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username...
High | Unreviewed | CVE-2024-25313 was published Feb 9, 2024

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with...
High | Unreviewed | CVE-2023-51761 was published Feb 9, 2024

Improper Authentication in HashiCorp Vault
High | CVE-2021-3282 was published for github.com/hashicorp/vault (Go) Jan 31, 2024

HashiCorp Vault Authentication bypass
High | CVE-2020-16251 was published for github.com/hashicorp/vault (Go) Jan 31, 2024

CrateDB authentication bypass vulnerability
High | CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024

Authentik vulnerable to PKCE downgrade attack
High | CVE-2024-23647 was published for goauthentik.io (Go) Jan 29, 2024

A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as...
High | Unreviewed | CVE-2024-1006 was published Jan 29, 2024

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
High | Unreviewed | CVE-2023-50275 was published Jan 23, 2024

Authorization vulnerability in the BootLoader module. Successful exploitation of this...
High | Unreviewed | CVE-2023-52111 was published Jan 16, 2024

EverShop vulnerable to improper authorization in GraphQL endpoints
High | CVE-2023-46942 was published for @evershop/evershop (npm) Jan 13, 2024

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti...
High | Unreviewed | CVE-2023-46805 was published Jan 12, 2024

The vulnerability allows a remote attacker to access sensitive data inside exported packages or...
High | Unreviewed | CVE-2023-48257 was published Jan 10, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS...
High | Unreviewed | CVE-2022-48618 was published Jan 9, 2024

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service....
High | Unreviewed | CVE-2023-5376 was published Jan 9, 2024

A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This...
High | Unreviewed | CVE-2023-7210 was published Jan 7, 2024

Omniauth::MicrosoftGraph Account takeover (nOAuth)
High | CVE-2024-21632 was published for omniauth-microsoft_graph (RubyGems) Jan 3, 2024

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to...
High | Unreviewed | CVE-2023-40038 was published Dec 27, 2023

Bentley eB System Management Console applications within Assetwise Integrity Information Server...
High | Unreviewed | CVE-2023-51708 was published Dec 22, 2023

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed...
High | Unreviewed | CVE-2023-6847 was published Dec 21, 2023

Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
High | CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023

Authentication bypass vulnerability in navidrome's subsonic endpoint
High | CVE-2023-51442 was published for github.com/navidrome/navidrome (Go) Dec 19, 2023

** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet...
High | Unreviewed | CVE-2023-44252 was published Dec 13, 2023