GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,520 advisories
Filter by severity
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate
Unreviewed
CVE-2024-1573
was published
Jul 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when...
High
Unreviewed
CVE-2024-39830
was published
Jul 3, 2024
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using...
High
Unreviewed
CVE-2024-3826
was published
Jul 2, 2024
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers...
Moderate
Unreviewed
CVE-2024-20900
was published
Jul 2, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass...
High
Unreviewed
CVE-2024-34596
was published
Jul 2, 2024
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair...
Moderate
Unreviewed
CVE-2024-20889
was published
Jul 2, 2024
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to...
Moderate
Unreviewed
CVE-2024-20890
was published
Jul 2, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This...
Critical
Unreviewed
CVE-2024-28200
was published
Jul 1, 2024
An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol...
High
Unreviewed
CVE-2024-23767
was published
Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication...
High
Unreviewed
CVE-2024-5012
was published
Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to...
High
Unreviewed
CVE-2024-5806
was published
Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical
Unreviewed
CVE-2024-5805
was published
Jun 25, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient...
Moderate
Unreviewed
CVE-2024-37085
was published
Jun 25, 2024
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly...
Moderate
Unreviewed
CVE-2024-37233
was published
Jun 24, 2024
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate...
Unknown
Unreviewed
CVE-2024-24554
was published
Jun 24, 2024
SFTPGo has insufficient access control for password reset
Moderate
CVE-2024-37897
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jun 20, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2024-5432
was published
Jun 20, 2024
PocketBase performs password auth and OAuth2 unverified email linking
Moderate
CVE-2024-38351
was published
for
github.com/pocketbase/pocketbase
(Go)
Jun 18, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024...
Critical
Unreviewed
CVE-2024-6057
was published
Jun 17, 2024
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an...
High
Unreviewed
CVE-2024-27275
was published
Jun 15, 2024
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The...
Unknown
Unreviewed
CVE-2024-37368
was published
Jun 14, 2024
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12....
High
Unreviewed
CVE-2024-37367
was published
Jun 14, 2024
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3080
was published
Jun 14, 2024
ProTip!
Advisories are also available from the
GraphQL API