GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35
Unreviewed advisories: All unreviewed 5,000+
273 advisories
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP...
High | Unreviewed | CVE-2023-31594 was published May 25, 2023

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication...
High | Unreviewed | CVE-2023-1837 was published May 23, 2023

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with...
High | Unreviewed | CVE-2023-23444 was published May 12, 2023

Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which...
High | Unreviewed | CVE-2023-22441 was published May 10, 2023

Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0...
High | Unreviewed | CVE-2023-23906 was published May 10, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
High | Unreviewed | CVE-2023-29413 was published Apr 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21979 was published Apr 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21931 was published Apr 18, 2023

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This...
High | Unreviewed | CVE-2023-27747 was published Apr 13, 2023

This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High | Unreviewed | CVE-2022-27645 was published Mar 29, 2023

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal...
High | Unreviewed | CVE-2020-14140 was published Mar 29, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server...
High | Unreviewed | CVE-2023-27980 was published Mar 21, 2023

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the...
High | Unreviewed | CVE-2023-27532 was published Mar 11, 2023

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform...
High | Unreviewed | CVE-2023-22803 was published Feb 15, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High | Unreviewed | CVE-2022-48288 was published Feb 9, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High | Unreviewed | CVE-2022-48299 was published Feb 9, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High | Unreviewed | CVE-2022-48289 was published Feb 9, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High | Unreviewed | CVE-2022-48300 was published Feb 9, 2023

Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07...
High | Unreviewed | CVE-2022-43761 was published Feb 8, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web...
High | Unreviewed | CVE-2023-21842 was published Jan 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21837 was published Jan 18, 2023

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger...
High | Unreviewed | CVE-2023-21856 was published Jan 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21839 was published Jan 18, 2023

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing...
High | Unreviewed | CVE-2022-42275 was published Jan 13, 2023

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with...
High | Unreviewed | CVE-2022-42276 was published Jan 13, 2023
ProTip! Advisories are also available from the GraphQL API.