GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass...
Moderate
Unreviewed
CVE-2022-3100
was published
Jan 18, 2023
A flaw was found in Samba, all versions starting samba 4.5.0 until samba 4.9.15, samba 4.10.10,...
Moderate
Unreviewed
CVE-2019-14833
was published
May 24, 2022
Dapr API token authentication bypass in HTTP endpoints
Moderate
CVE-2023-37918
was published
for
github.com/dapr/dapr
(Go)
Jul 21, 2023
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID...
Moderate
Unreviewed
CVE-2022-40723
was published
Apr 25, 2023
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could...
Moderate
Unreviewed
CVE-2023-28126
was published
May 10, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn...
Moderate
Unreviewed
CVE-2023-4498
was published
Sep 6, 2023
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and...
Moderate
Unreviewed
CVE-2023-4939
was published
Oct 21, 2023
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously...
Moderate
Unreviewed
CVE-2023-27538
was published
Mar 30, 2023
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to...
Moderate
Unreviewed
CVE-2024-38433
was published
Jul 11, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient...
Moderate
Unreviewed
CVE-2024-37085
was published
Jun 25, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate
Unreviewed
CVE-2024-4784
was published
Aug 8, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain...
Moderate
Unreviewed
CVE-2024-5956
was published
Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs...
Moderate
Unreviewed
CVE-2024-5957
was published
Sep 5, 2024
ProTip!
Advisories are also available from the
GraphQL API