Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

791 advisories

Loading
An unauthenticated attacker can reset the board and stop transmitter operations by sending a... Moderate Unreviewed
CVE-2024-21846 was published Apr 19, 2024
The devices allow access to an unprotected endpoint that allows MPFS file system binary image... High Unreviewed
CVE-2024-1491 was published Apr 19, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2024-21007 was published Apr 17, 2024
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an... High Unreviewed
CVE-2023-4857 was published Apr 15, 2024
The system application (com.transsion.kolun.aiservice) component does not perform an... Critical Unreviewed
CVE-2024-3701 was published Apr 15, 2024
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe... Moderate Unreviewed
CVE-2024-30391 was published Apr 12, 2024
Windows Update Stack Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-26235 was published Apr 9, 2024
** DISPUTED ** A Missing Authentication for Critical Function issue affecting the HTTP service... Moderate Unreviewed
CVE-2023-6949 was published Apr 2, 2024
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service... High Unreviewed
CVE-2023-51571 was published Apr 2, 2024
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue... Moderate Unreviewed
CVE-2022-38057 was published Mar 25, 2024
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda consideRatio
manics minrk krassowski dlqqq eddelbuettel
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd
An unauthenticated remote attacker can modify configurations to perform a remote code execution... Critical Unreviewed
CVE-2024-25995 was published Mar 12, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side. High
CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024
renbou comrumino
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-2076 was published Mar 1, 2024
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful... Unknown Unreviewed
CVE-2022-48621 was published Feb 18, 2024
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication... High Unreviewed
CVE-2023-40545 was published Feb 6, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible Critical Unreviewed
CVE-2024-23917 was published Feb 6, 2024
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote... High Unreviewed
CVE-2023-49115 was published Feb 2, 2024
The MachineSense application programmable interface (API) is improperly protected and can be... Critical Unreviewed
CVE-2023-49617 was published Feb 2, 2024
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense... High Unreviewed
CVE-2023-6221 was published Feb 2, 2024
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for... Moderate Unreviewed
CVE-2024-22449 was published Feb 1, 2024
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation... High Unreviewed
CVE-2023-6942 was published Jan 30, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An... Critical Unreviewed
CVE-2024-23618 was published Jan 26, 2024
ProTip! Advisories are also available from the GraphQL API