Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

143 advisories

Loading
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which... Critical Unreviewed
CVE-2023-29158 was published Jun 19, 2023
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via... Moderate Unreviewed
CVE-2023-34553 was published Jun 22, 2023
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... Critical Unreviewed
CVE-2023-2846 was published Jun 30, 2023
Vulnerability of identity verification being bypassed in the storage module. Successful... High Unreviewed
CVE-2022-48507 was published Jul 6, 2023
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an... High Unreviewed
CVE-2022-25836 was published Jul 6, 2023
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an... High Unreviewed
CVE-2022-25837 was published Jul 6, 2023
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause... Critical Unreviewed
CVE-2022-45789 was published Jul 6, 2023
Apache Linkis Authentication Bypass vulnerability Critical
CVE-2023-27987 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation... High Unreviewed
CVE-2023-34625 was published Jul 20, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in... High Unreviewed
CVE-2023-20900 was published Aug 31, 2023
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Moderate Unreviewed
CVE-2023-39373 was published Sep 3, 2023
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay... Moderate Unreviewed
CVE-2023-36857 was published Oct 19, 2023
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4... Moderate Unreviewed
CVE-2023-45794 was published Nov 14, 2023
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X... High Unreviewed
CVE-2023-39547 was published Nov 17, 2023
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3... High Unreviewed
CVE-2022-46480 was published Dec 5, 2023
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical... Moderate Unreviewed
CVE-2023-50128 was published Jan 11, 2024
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to... High Unreviewed
CVE-2023-46892 was published Jan 23, 2024
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... Moderate Unreviewed
CVE-2023-6374 was published Jan 30, 2024
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an... Critical Unreviewed
CVE-2023-49231 was published Mar 29, 2024
@workos-inc/authkit-nextjs session replay vulnerability Moderate
CVE-2024-29901 was published for @workos-inc/authkit-nextjs (npm) Mar 29, 2024
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass... Critical Unreviewed
CVE-2023-47435 was published Apr 19, 2024
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. High Unreviewed
CVE-2024-29850 was published May 23, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database