GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
813 advisories
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An...
High · Unreviewed · CVE-2023-32460 was published Dec 8, 2023

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port...
Critical · Unreviewed · CVE-2023-49693 was published Nov 30, 2023

The FACSChorus workstation operating system does not restrict what devices can interact with its...
Moderate · Unreviewed · CVE-2023-29060 was published Nov 28, 2023

The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots,...
Low · Unreviewed · CVE-2023-29063 was published Nov 28, 2023

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to...
Moderate · Unreviewed · CVE-2023-29061 was published Nov 28, 2023

Lack of authentication vulnerability. An unauthenticated local user is able to see through the...
Moderate · Unreviewed · CVE-2023-3104 was published Nov 22, 2023

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet...
Critical · Unreviewed · CVE-2023-42770 was published Nov 21, 2023

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a...
Critical · Unreviewed · CVE-2023-47674 was published Nov 16, 2023

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware...
Critical · Unreviewed · CVE-2023-34060 was published Nov 14, 2023

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of...
Moderate · Unreviewed · CVE-2023-46096 was published Nov 14, 2023

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin....
Moderate · Unreviewed · CVE-2023-46819 was published Nov 10, 2023

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3...
High · Unreviewed · CVE-2023-46381 was published Nov 5, 2023

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation...
High · Unreviewed · CVE-2022-43555 was published Nov 3, 2023

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation...
High · Unreviewed · CVE-2022-43554 was published Nov 3, 2023

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an...
Critical · Unreviewed · CVE-2023-41351 was published Nov 3, 2023

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can...
High · Unreviewed · CVE-2023-46978 was published Oct 31, 2023

Undisclosed requests may bypass configuration utility authentication, allowing an attacker...
Critical · Unreviewed · CVE-2023-46747 was published Oct 26, 2023

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura...
High · Unreviewed · CVE-2023-40401 was published Oct 25, 2023

An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate · Unreviewed · CVE-2023-42845 was published Oct 25, 2023

The Android Client application, when enrolled with the define method 1 (the user manually inserts...
High · Unreviewed · CVE-2023-45220 was published Oct 25, 2023

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker...
High · Unreviewed · CVE-2023-45851 was published Oct 25, 2023

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius...
Critical · Unreviewed · CVE-2023-39930 was published Oct 25, 2023

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring...
Moderate · Unreviewed · CVE-2023-39231 was published Oct 25, 2023

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to...
High · Unreviewed · CVE-2023-41255 was published Oct 25, 2023

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows...
Moderate · Unreviewed · CVE-2023-26579 was published Oct 25, 2023

ProTip! Advisories are also available from the GraphQL API.