GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack...
Moderate
Unreviewed
CVE-2024-39081
was published
Sep 18, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Moderate
Unreviewed
CVE-2024-5249
was published
Jul 30, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay...
Moderate
Unreviewed
CVE-2024-37016
was published
Jul 15, 2024
@workos-inc/authkit-nextjs session replay vulnerability
Moderate
CVE-2024-29901
was published
for
@workos-inc/authkit-nextjs
(npm)
Mar 29, 2024
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC...
Moderate
Unreviewed
CVE-2023-6374
was published
Jan 30, 2024
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical...
Moderate
Unreviewed
CVE-2023-50128
was published
Jan 11, 2024
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4...
Moderate
Unreviewed
CVE-2023-45794
was published
Nov 14, 2023
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a replay...
Moderate
Unreviewed
CVE-2023-36857
was published
Oct 19, 2023
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
Moderate
Unreviewed
CVE-2023-39373
was published
Sep 3, 2023
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via...
Moderate
Unreviewed
CVE-2023-34553
was published
Jun 22, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request...
Moderate
Unreviewed
CVE-2023-33621
was published
Jun 13, 2023
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door...
Moderate
Unreviewed
CVE-2023-33281
was published
May 22, 2023
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and...
Moderate
Unreviewed
CVE-2023-20123
was published
Apr 5, 2023
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass...
Moderate
Unreviewed
CVE-2022-43704
was published
Jan 20, 2023
An OpenPGP digital signature includes information about the date when the signature was created....
Moderate
Unreviewed
CVE-2022-2226
was published
Dec 22, 2022
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF...
Moderate
Unreviewed
CVE-2022-45914
was published
Nov 27, 2022
The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles...
Moderate
Unreviewed
CVE-2022-37418
was published
Aug 25, 2022
The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows...
Moderate
Unreviewed
CVE-2022-37305
was published
Aug 25, 2022
The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows...
Moderate
Unreviewed
CVE-2022-36945
was published
Aug 25, 2022
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to...
Moderate
Unreviewed
CVE-2022-29593
was published
Jul 15, 2022
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote...
Moderate
Unreviewed
CVE-2022-30467
was published
Jun 30, 2022
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture...
Moderate
Unreviewed
CVE-2022-30466
was published
Jun 8, 2022
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out,...
Moderate
Unreviewed
CVE-2020-23178
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API