Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain... Moderate Unreviewed
CVE-2024-5956 was published Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs... Moderate Unreviewed
CVE-2024-5957 was published Sep 5, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1... Moderate Unreviewed
CVE-2024-4784 was published Aug 8, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege... High Unreviewed
CVE-2024-6637 was published Jul 20, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
The vulnerability allows attackers access to the root account without having to authenticate.... Critical Unreviewed
CVE-2023-41920 was published Jul 2, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient... Moderate Unreviewed
CVE-2024-37085 was published Jun 25, 2024
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with... High Unreviewed
CVE-2023-4727 was published Jun 11, 2024
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function Critical Unreviewed
CVE-2024-36388 was published Jun 2, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an... High Unreviewed
CVE-2024-20378 was published May 1, 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote... Critical Unreviewed
CVE-2024-3847 was published Apr 17, 2024
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows... Critical Unreviewed
CVE-2023-6153 was published Mar 27, 2024
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication... Critical Unreviewed
CVE-2024-1202 was published Mar 21, 2024
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security... Critical Unreviewed
CVE-2023-7103 was published Mar 5, 2024
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all... Critical Unreviewed
CVE-2024-1403 was published Feb 27, 2024
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could... High Unreviewed
CVE-2024-20015 was published Feb 5, 2024
Windows Kerberos Security Feature Bypass Vulnerability Critical Unreviewed
CVE-2024-20674 was published Jan 9, 2024
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and... Moderate Unreviewed
CVE-2023-4939 was published Oct 21, 2023
NATS.io: Adding accounts for just the system account adds auth bypass High
CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) Oct 19, 2023
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior... High Unreviewed
CVE-2023-4898 was published Sep 12, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn... Moderate Unreviewed
CVE-2023-4498 was published Sep 6, 2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an... Critical Unreviewed
CVE-2023-1935 was published Aug 3, 2023
ProTip! Advisories are also available from the GraphQL API