Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

69 advisories

Loading
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege... High Unreviewed
CVE-2024-6637 was published Jul 20, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with... High Unreviewed
CVE-2023-4727 was published Jun 11, 2024
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could... High Unreviewed
CVE-2024-20015 was published Feb 5, 2024
The vulnerability allows attackers access to the root account without having to authenticate.... Critical Unreviewed
CVE-2023-41920 was published Jul 2, 2024
Windows Kerberos Security Feature Bypass Vulnerability Critical Unreviewed
CVE-2024-20674 was published Jan 9, 2024
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function Critical Unreviewed
CVE-2024-36388 was published Jun 2, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an... High Unreviewed
CVE-2024-20378 was published May 1, 2024
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature... Critical Unreviewed
CVE-2023-27536 was published Mar 30, 2023
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously... Moderate Unreviewed
CVE-2023-27538 was published Mar 30, 2023
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse... High Unreviewed
CVE-2023-27535 was published Mar 30, 2023
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and... Moderate Unreviewed
CVE-2023-4939 was published Oct 21, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn... Moderate Unreviewed
CVE-2023-4498 was published Sep 6, 2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an... Critical Unreviewed
CVE-2023-1935 was published Aug 3, 2023
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS... High Unreviewed
CVE-2023-2959 was published Jul 17, 2023
SonicWall GMS and Analytics CAS Web Services application use static values for authentication... Critical Unreviewed
CVE-2023-34137 was published Jul 13, 2023
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could... Moderate Unreviewed
CVE-2023-28126 was published May 10, 2023
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID... Moderate Unreviewed
CVE-2022-40723 was published Apr 25, 2023
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows... Critical Unreviewed
CVE-2023-6153 was published Mar 27, 2024
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication... Critical Unreviewed
CVE-2024-1202 was published Mar 21, 2024
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security... Critical Unreviewed
CVE-2023-7103 was published Mar 5, 2024
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database