Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

856 advisories

Loading
An authentication bypass vulnerability has been identified in Pulpcore when deployed with... Critical Unreviewed
CVE-2024-7923 was published Sep 4, 2024
An authentication bypass vulnerability has been identified in Foreman when deployed with External... Critical Unreviewed
CVE-2024-7012 was published Sep 4, 2024
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows... Critical Unreviewed
CVE-2024-42462 was published Aug 16, 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1... Critical Unreviewed
CVE-2024-7593 was published Aug 13, 2024
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator... Critical Unreviewed
CVE-2024-7746 was published Aug 13, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an... Critical Unreviewed
CVE-2024-36130 was published Aug 7, 2024
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access... Critical Unreviewed
CVE-2024-7395 was published Aug 5, 2024
pREST vulnerable to jwt bypass + sql injection Critical
GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) Jul 30, 2024
mihail8531
Remote command execution due to use of default passwords. The following products are affected:... Critical Unreviewed
CVE-2023-45249 was published Jul 24, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2024-23471 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote... Critical Unreviewed
CVE-2024-23470 was published Jul 17, 2024
The vulnerability could be remotely exploited to bypass authentication. Critical Unreviewed
CVE-2024-22442 was published Jul 16, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-6397 was published Jul 11, 2024
Sensitive information disclosure in NetScaler Console Critical Unreviewed
CVE-2024-6235 was published Jul 10, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This... Critical Unreviewed
CVE-2024-28200 was published Jul 1, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed
CVE-2024-5805 was published Jun 25, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2024-5432 was published Jun 20, 2024
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024... Critical Unreviewed
CVE-2024-6057 was published Jun 17, 2024
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2024-3080 was published Jun 14, 2024
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. Critical Unreviewed
CVE-2024-22441 was published Jun 13, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30299 was published Jun 13, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application... Critical Unreviewed
CVE-2024-36266 was published Jun 11, 2024
Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. Critical Unreviewed
CVE-2024-37019 was published Jun 3, 2024
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the... Critical Unreviewed
CVE-2023-43551 was published Jun 3, 2024
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise... Critical Unreviewed
CVE-2024-29849 was published May 23, 2024
ProTip! Advisories are also available from the GraphQL API