Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

814 advisories

Loading
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful... Unknown Unreviewed
CVE-2022-48621 was published Feb 18, 2024
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication... High Unreviewed
CVE-2023-40545 was published Feb 6, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible Critical Unreviewed
CVE-2024-23917 was published Feb 6, 2024
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote... High Unreviewed
CVE-2023-49115 was published Feb 2, 2024
The MachineSense application programmable interface (API) is improperly protected and can be... Critical Unreviewed
CVE-2023-49617 was published Feb 2, 2024
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense... High Unreviewed
CVE-2023-6221 was published Feb 2, 2024
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for... Moderate Unreviewed
CVE-2024-22449 was published Feb 1, 2024
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation... High Unreviewed
CVE-2023-6942 was published Jan 30, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An... Critical Unreviewed
CVE-2024-23618 was published Jan 26, 2024
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote... Critical Unreviewed
CVE-2023-51947 was published Jan 19, 2024
A missing authentication check in the WebSocket channel used for the Check Point IoT integration... Moderate Unreviewed
CVE-2023-5253 was published Jan 15, 2024
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions... Moderate Unreviewed
CVE-2023-51062 was published Jan 13, 2024
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication... Moderate Unreviewed
CVE-2023-31033 was published Jan 12, 2024
The router console is accessible without authentication at "data" field, and while a user needs... Critical Unreviewed
CVE-2023-49255 was published Jan 12, 2024
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to... Critical Unreviewed
CVE-2023-51987 was published Jan 11, 2024
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to... Critical Unreviewed
CVE-2023-51989 was published Jan 11, 2024
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions)... High Unreviewed
CVE-2022-45794 was published Jan 11, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2023-40393 was published Jan 11, 2024
Microsoft Bluetooth Driver Spoofing Vulnerability Moderate Unreviewed
CVE-2024-21306 was published Jan 9, 2024
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect ... High Unreviewed
CVE-2023-5881 was published Jan 3, 2024
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and... Critical Unreviewed
CVE-2023-29485 was published Dec 21, 2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an... High Unreviewed
CVE-2023-6595 was published Dec 14, 2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an... Moderate Unreviewed
CVE-2023-6368 was published Dec 14, 2023
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer
ProTip! Advisories are also available from the GraphQL API