GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

325 advisories

An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An...
Critical | Unreviewed | CVE-2024-23618 was published Jan 26, 2024

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote...
Critical | Unreviewed | CVE-2023-51947 was published Jan 19, 2024

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to...
Critical | Unreviewed | CVE-2023-5716 was published Jan 19, 2024

The router console is accessible without authentication at "data" field, and while a user needs...
Critical | Unreviewed | CVE-2023-49255 was published Jan 12, 2024

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to...
Critical | Unreviewed | CVE-2023-51987 was published Jan 11, 2024

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to...
Critical | Unreviewed | CVE-2023-51989 was published Jan 11, 2024

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and...
Critical | Unreviewed | CVE-2023-29485 was published Dec 21, 2023

An authentication bypass vulnerability has been found in Repox, which allows a remote user to...
Critical | Unreviewed | CVE-2023-6718 was published Dec 13, 2023

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port...
Critical | Unreviewed | CVE-2023-49693 was published Nov 30, 2023

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet...
Critical | Unreviewed | CVE-2023-42770 was published Nov 21, 2023

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a...
Critical | Unreviewed | CVE-2023-47674 was published Nov 16, 2023

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware...
Critical | Unreviewed | CVE-2023-34060 was published Nov 14, 2023

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation...
Critical | Unreviewed | CVE-2023-4699 was published Nov 6, 2023

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an...
Critical | Unreviewed | CVE-2023-41351 was published Nov 3, 2023

Undisclosed requests may bypass configuration utility authentication, allowing an attacker...
Critical | Unreviewed | CVE-2023-46747 was published Oct 26, 2023

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius...
Critical | Unreviewed | CVE-2023-39930 was published Oct 25, 2023

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier...
Critical | Unreviewed | CVE-2023-26573 was published Oct 25, 2023

Vulnerability of access permissions not being strictly verified in the APPWidget module...
Critical | Unreviewed | CVE-2023-44116 was published Oct 11, 2023

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete...
Critical | Unreviewed | CVE-2023-43271 was published Oct 9, 2023

sing-box vulnerable to improper authentication in the SOCKS inbound
Critical | CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server...
Critical | Unreviewed | CVE-2023-42793 was published Sep 19, 2023

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas...
Critical | Unreviewed | CVE-2023-4702 was published Sep 14, 2023

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An...
Critical | Unreviewed | CVE-2023-38028 was published Aug 28, 2023

SAP PowerDesigner - version 16.7, has improper access control which might allow an...
Critical | Unreviewed | CVE-2023-37483 was published Aug 8, 2023

Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11...
Critical | Unreviewed | CVE-2023-36669 was published Jul 18, 2023