GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,419 advisories
Filter by severity
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
High
Unreviewed
CVE-2024-41589
was published
Oct 3, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High
Unreviewed
CVE-2024-47125
was published
Sep 26, 2024
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
High
CVE-2021-31606
was published
for
openvpn-monitor
(pip)
May 24, 2022
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an...
High
Unreviewed
CVE-2024-45148
was published
Oct 10, 2024
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had...
High
Unreviewed
CVE-2021-41312
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an...
High
Unreviewed
CVE-2021-41311
was published
Dec 9, 2021
Permission control vulnerability in the audio module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39380
was published
Aug 13, 2023
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two...
High
Unreviewed
CVE-2022-30550
was published
Jul 18, 2022
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate...
High
Unreviewed
CVE-2024-38139
was published
Oct 16, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High
Unreviewed
CVE-2024-43685
was published
Oct 4, 2024
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
High
CVE-2017-5192
was published
for
salt
(pip)
May 17, 2022
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via...
High
Unreviewed
CVE-2024-9927
was published
Oct 23, 2024
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions...
High
Unreviewed
CVE-2024-9947
was published
Oct 23, 2024
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows...
High
Unreviewed
CVE-2024-10327
was published
Oct 24, 2024
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
High
CVE-2017-11427
was published
for
python-saml
(pip)
Jul 5, 2019
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High
CVE-2022-4722
was published
for
rdiffweb
(pip)
Dec 27, 2022
Salt has insufficient argument validation in several modules
High
CVE-2013-4435
was published
for
salt
(pip)
May 17, 2022
Improper Authentication in SaltStack Salt
High
CVE-2021-22004
was published
for
salt
(pip)
May 24, 2022
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication...
High
Unreviewed
CVE-2023-33237
was published
Aug 17, 2023
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions...
High
Unreviewed
CVE-2023-39981
was published
Sep 2, 2023
ProTip!
Advisories are also available from the
GraphQL API