GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
814 advisories
Vulnerability of missing authentication for critical functions in the Wi-Fi module. Successful...
Unknown, Unreviewed. CVE-2022-48621 was published Feb 18, 2024

Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication...
High, Unreviewed. CVE-2023-40545 was published Feb 6, 2024

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Critical, Unreviewed. CVE-2024-23917 was published Feb 6, 2024

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote...
High, Unreviewed. CVE-2023-49115 was published Feb 2, 2024

The MachineSense application programmable interface (API) is improperly protected and can be...
Critical, Unreviewed. CVE-2023-49617 was published Feb 2, 2024

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense...
High, Unreviewed. CVE-2023-6221 was published Feb 2, 2024

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for...
Moderate, Unreviewed. CVE-2024-22449 was published Feb 1, 2024

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate. CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation...
High, Unreviewed. CVE-2023-6942 was published Jan 30, 2024

An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An...
Critical, Unreviewed. CVE-2024-23618 was published Jan 26, 2024

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote...
Critical, Unreviewed. CVE-2023-51947 was published Jan 19, 2024

A missing authentication check in the WebSocket channel used for the Check Point IoT integration...
Moderate, Unreviewed. CVE-2023-5253 was published Jan 15, 2024

An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions...
Moderate, Unreviewed. CVE-2023-51062 was published Jan 13, 2024

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication...
Moderate, Unreviewed. CVE-2023-31033 was published Jan 12, 2024

The router console is accessible without authentication at "data" field, and while a user needs...
Critical, Unreviewed. CVE-2023-49255 was published Jan 12, 2024

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to...
Critical, Unreviewed. CVE-2023-51987 was published Jan 11, 2024

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to...
Critical, Unreviewed. CVE-2023-51989 was published Jan 11, 2024

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions)...
High, Unreviewed. CVE-2022-45794 was published Jan 11, 2024

An authentication issue was addressed with improved state management. This issue is fixed in...
High, Unreviewed. CVE-2023-40393 was published Jan 11, 2024

Microsoft Bluetooth Driver Spoofing Vulnerability
Moderate, Unreviewed. CVE-2024-21306 was published Jan 9, 2024

Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect ...
High, Unreviewed. CVE-2023-5881 was published Jan 3, 2024

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and...
Critical, Unreviewed. CVE-2023-29485 was published Dec 21, 2023

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an...
High, Unreviewed. CVE-2023-6595 was published Dec 14, 2023

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an...
Moderate, Unreviewed. CVE-2023-6368 was published Dec 14, 2023

Unauthenticated db-file-storage views
Low. CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023