Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
django-mfa2 vulnerable to MFA Replay attack High
CVE-2022-42731 was published for django-mfa2 (pip) Oct 11, 2022
The session hijacking attack targets the application layer's control mechanism, which manages... High Unreviewed
CVE-2024-43099 was published Sep 13, 2024
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an... High Unreviewed
CVE-2023-0036 was published Jan 9, 2023
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has... High Unreviewed
CVE-2023-0035 was published Jan 9, 2023
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the... High Unreviewed
CVE-2024-3982 was published Aug 27, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file... High Unreviewed
CVE-2024-38272 was published Jun 26, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and... High Unreviewed
CVE-2024-38890 was published Aug 2, 2024
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. High Unreviewed
CVE-2024-29850 was published May 23, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token High
CVE-2019-12887 was published for LinOTP (pip) May 24, 2022
SaltStack Salt Authentication Bypass by Capture-replay High
CVE-2022-22936 was published for salt (pip) Mar 30, 2022
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an... High Unreviewed
CVE-2022-25836 was published Jul 6, 2023
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation... High Unreviewed
CVE-2023-34625 was published Jul 20, 2023
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an... High Unreviewed
CVE-2022-25837 was published Jul 6, 2023
Vulnerability of identity verification being bypassed in the storage module. Successful... High Unreviewed
CVE-2022-48507 was published Jul 6, 2023
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access... High Unreviewed
CVE-2023-31763 was published May 24, 2023
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows... High Unreviewed
CVE-2023-31761 was published May 24, 2023
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full... High Unreviewed
CVE-2023-31759 was published May 24, 2023
Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows... High Unreviewed
CVE-2023-31762 was published May 24, 2023
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to... High Unreviewed
CVE-2023-46892 was published Jan 23, 2024
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3... High Unreviewed
CVE-2022-46480 was published Dec 5, 2023
Authentication Bypass by Capture-replay in Apache Spark High
CVE-2021-38296 was published for org.apache.spark:spark-core (Maven) Mar 11, 2022
AlmogApiiro
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in... High Unreviewed
CVE-2023-20900 was published Aug 31, 2023
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X... High Unreviewed
CVE-2023-39547 was published Nov 17, 2023
ProTip! Advisories are also available from the GraphQL API