Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
The impacted products, when configured to use SSO, are affected by an improper authentication... Critical Unreviewed
CVE-2021-43935 was published Dec 16, 2021
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication... Critical Unreviewed
CVE-2021-27453 was published Dec 22, 2021
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any... Critical Unreviewed
CVE-2021-43985 was published Dec 24, 2021
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-24047 was published Feb 19, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0992 was published Apr 20, 2022
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat Critical
CVE-2016-5018 was published for org.apache.tomcat.embed:tomcat-embed-jasper (Maven) May 13, 2022
sunSUNQ westonsteimel
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability.... Critical Unreviewed
CVE-2019-3758 was published May 24, 2022
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote... Critical Unreviewed
CVE-2020-10148 was published May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new... Critical Unreviewed
CVE-2021-32967 was published May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated... Critical Unreviewed
CVE-2021-41292 was published May 24, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an... Critical Unreviewed
CVE-2021-36308 was published May 24, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values... Critical Unreviewed
CVE-2021-26634 was published Jun 3, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-35869 was published Jul 26, 2022
Unauthorized access to Gateway user capabilities Critical Unreviewed
CVE-2022-27510 was published Nov 9, 2022
Even if the authentication fails for local service authentication, the requested command could... Critical Unreviewed
CVE-2022-46732 was published Jan 18, 2023
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2023-2027 was published Apr 15, 2023
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2023-2499 was published May 16, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2023-2704 was published May 19, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2734 was published May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2733 was published May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2732 was published May 25, 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed
CVE-2023-2781 was published Jun 3, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2020-36713 was published Jun 7, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2020-36724 was published Jun 7, 2023
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed
CVE-2023-2986 was published Jun 8, 2023
ProTip! Advisories are also available from the GraphQL API