GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,787
Composer 4,248
Erlang 31
GitHub Actions 21
Go 2,016
Maven 5,202
npm 3,721
NuGet 662
pip 3,400
Pub 11
RubyGems 890
Rust 852
Swift 36

Unreviewed advisories

All unreviewed 236,241

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

321 advisories

Filter by severity

Sort by

Least recently updated

An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to... High Unreviewed

CVE-2024-48771 was published Oct 11, 2024

An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to... High Unreviewed

CVE-2024-48768 was published Oct 11, 2024

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the... High Unreviewed

CVE-2024-48773 was published Oct 11, 2024

An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain... High Unreviewed

CVE-2024-48775 was published Oct 11, 2024

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information... High Unreviewed

CVE-2024-48776 was published Oct 11, 2024

The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions... High Unreviewed

CVE-2024-9522 was published Oct 10, 2024

Missing authentication for critical function in Visual Studio Code extension for Arduino allows... High Unreviewed

CVE-2024-43488 was published Oct 8, 2024

Missing Authentication - User & System Configuration High Unreviewed

CVE-2024-47555 was published Oct 7, 2024

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user.... High Unreviewed

CVE-2024-39364 was published Sep 27, 2024

The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys... High Unreviewed

CVE-2024-47130 was published Sep 26, 2024

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up... High Unreviewed

CVE-2024-7781 was published Sep 26, 2024

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP... High Unreviewed

CVE-2024-8751 was published Sep 13, 2024

An authentication bypass weakness in the message broker service of Ivanti Workspace Control... High Unreviewed

CVE-2024-8012 was published Sep 10, 2024

Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and... High Unreviewed

CVE-2024-39300 was published Aug 30, 2024

The product exposes a service that is intended for local only to all network interfaces without... High Unreviewed

CVE-2024-7940 was published Aug 27, 2024

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00... High Unreviewed

CVE-2024-35124 was published Aug 13, 2024

Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed

CVE-2024-7007 was published Jul 25, 2024

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5... High Unreviewed

CVE-2024-39601 was published Jul 22, 2024

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL... High Unreviewed

CVE-2024-21146 was published Jul 17, 2024

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access... High Unreviewed

CVE-2024-37767 was published Jul 5, 2024

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive... High Unreviewed

CVE-2024-31916 was published Jun 27, 2024

Toshiba printers provides API without authentication for internal access. A local attacker can... High Unreviewed

CVE-2024-27169 was published Jun 14, 2024

Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability.... High Unreviewed

CVE-2024-5951 was published Jun 13, 2024

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import... High Unreviewed

CVE-2024-34800 was published Jun 10, 2024

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller... High Unreviewed

CVE-2024-32752 was published Jun 6, 2024

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

321 advisories