GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
53 advisories
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain...
Moderate, Unreviewed. CVE-2024-5956 was published on Sep 5, 2024.

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs...
Moderate, Unreviewed. CVE-2024-5957 was published on Sep 5, 2024.

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate, Unreviewed. CVE-2024-4784 was published on Aug 8, 2024.

Navidrome uses MD5 hashing algorithm
Moderate. CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) on Aug 1, 2024.

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege...
High, Unreviewed. CVE-2024-6637 was published on Jul 20, 2024.

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to...
Moderate, Unreviewed. CVE-2024-38433 was published on Jul 11, 2024.

PrivateBin allows shortening of URLs for other domains
Moderate. CVE-2024-39899 was published for privatebin/privatebin (Composer) on Jul 10, 2024.

The vulnerability allows attackers access to the root account without having to authenticate....
Critical, Unreviewed. CVE-2023-41920 was published on Jul 2, 2024.

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient...
Moderate, Unreviewed. CVE-2024-37085 was published on Jun 25, 2024.

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with...
High, Unreviewed. CVE-2023-4727 was published on Jun 11, 2024.

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
Critical, Unreviewed. CVE-2024-36388 was published on Jun 2, 2024.

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High. CVE-2024-34077 was published for mantisbt/mantisbt (Composer) on May 13, 2024.

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an...
High, Unreviewed. CVE-2024-20378 was published on May 1, 2024.

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical, Unreviewed. CVE-2024-3847 was published on Apr 17, 2024.

Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows...
Critical, Unreviewed. CVE-2023-6153 was published on Mar 27, 2024.

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication...
Critical, Unreviewed. CVE-2024-1202 was published on Mar 21, 2024.

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security...
Critical, Unreviewed. CVE-2023-7103 was published on Mar 5, 2024.

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all...
Critical, Unreviewed. CVE-2024-1403 was published on Feb 27, 2024.

In telephony, there is a possible escalation of privilege due to a permissions bypass. This could...
High, Unreviewed. CVE-2024-20015 was published on Feb 5, 2024.

Windows Kerberos Security Feature Bypass Vulnerability
Critical, Unreviewed. CVE-2024-20674 was published on Jan 9, 2024.

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and...
Moderate, Unreviewed. CVE-2023-4939 was published on Oct 21, 2023.

NATS.io: Adding accounts for just the system account adds auth bypass
High. CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) on Oct 19, 2023.

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior...
High, Unreviewed. CVE-2023-4898 was published on Sep 12, 2023.

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn...
Moderate, Unreviewed. CVE-2023-4498 was published on Sep 6, 2023.

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an...
Critical, Unreviewed. CVE-2023-1935 was published on Aug 3, 2023.
ProTip! Advisories are also available from the GraphQL API