Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

142 advisories

Loading
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
OPA for Windows has an SMB force-authentication vulnerability Moderate
CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file... High Unreviewed
CVE-2024-38272 was published Jun 26, 2024
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token Critical
CVE-2019-12887 was published for LinOTP (pip) May 24, 2022
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack... Moderate Unreviewed
CVE-2024-39081 was published Sep 18, 2024
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. High Unreviewed
CVE-2024-46041 was published Oct 7, 2024
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin
Apache Linkis Authentication Bypass vulnerability Critical
CVE-2023-27987 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
SaltStack Salt Authentication Bypass by Capture-replay High
CVE-2022-22936 was published for salt (pip) Mar 30, 2022
Authentication Bypass by Capture-replay in Apache Spark High
CVE-2021-38296 was published for org.apache.spark:spark-core (Maven) Mar 11, 2022
AlmogApiiro
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an... Critical Unreviewed
CVE-2023-49231 was published Mar 29, 2024
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service... High Unreviewed
CVE-2024-22066 was published Oct 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against... Low Unreviewed
CVE-2024-36250 was published Nov 9, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
In the development options section of the Settings app, there is a possible authentication bypass... High Unreviewed
CVE-2018-9477 was published Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database