Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,916
Maven
5,000+
npm
3,646
NuGet
638
pip
3,263
Pub
10
RubyGems
870
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

777 advisories

Loading
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account... Critical Unreviewed
CVE-2024-0002 was published Sep 23, 2024
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. Critical Unreviewed
CVE-2024-47218 was published Sep 22, 2024
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An... Critical Unreviewed
CVE-2024-34399 was published Sep 18, 2024
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication... Critical Unreviewed
CVE-2024-8956 was published Sep 17, 2024
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product.... Critical Unreviewed
CVE-2024-45823 was published Sep 12, 2024
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. Critical Unreviewed
CVE-2023-37226 was published Sep 10, 2024
An authentication bypass vulnerability has been identified in Foreman when deployed with External... Critical Unreviewed
CVE-2024-7012 was published Sep 4, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with... Critical Unreviewed
CVE-2024-7923 was published Sep 4, 2024
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows... Critical Unreviewed
CVE-2024-42462 was published Aug 16, 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1... Critical Unreviewed
CVE-2024-7593 was published Aug 13, 2024
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator... Critical Unreviewed
CVE-2024-7746 was published Aug 13, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an... Critical Unreviewed
CVE-2024-36130 was published Aug 7, 2024
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access... Critical Unreviewed
CVE-2024-7395 was published Aug 5, 2024
Remote command execution due to use of default passwords. The following products are affected:... Critical Unreviewed
CVE-2023-45249 was published Jul 24, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2024-23471 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote... Critical Unreviewed
CVE-2024-23470 was published Jul 17, 2024
The vulnerability could be remotely exploited to bypass authentication. Critical Unreviewed
CVE-2024-22442 was published Jul 16, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-6397 was published Jul 11, 2024
Sensitive information disclosure in NetScaler Console Critical Unreviewed
CVE-2024-6235 was published Jul 10, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This... Critical Unreviewed
CVE-2024-28200 was published Jul 1, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed
CVE-2024-5805 was published Jun 25, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2024-5432 was published Jun 20, 2024
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024... Critical Unreviewed
CVE-2024-6057 was published Jun 17, 2024
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2024-3080 was published Jun 14, 2024
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. Critical Unreviewed
CVE-2024-22441 was published Jun 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database