Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

124 advisories

Loading
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by... High Unreviewed
CVE-2024-49595 was published Nov 26, 2024
In the development options section of the Settings app, there is a possible authentication bypass... High Unreviewed
CVE-2018-9477 was published Nov 20, 2024
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against... Low Unreviewed
CVE-2024-36250 was published Nov 9, 2024
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service... High Unreviewed
CVE-2024-22066 was published Oct 29, 2024
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an... Critical Unreviewed
CVE-2023-49231 was published Mar 29, 2024
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. High Unreviewed
CVE-2024-46041 was published Oct 7, 2024
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack... Moderate Unreviewed
CVE-2024-39081 was published Sep 18, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file... High Unreviewed
CVE-2024-38272 was published Jun 26, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
The session hijacking attack targets the application layer's control mechanism, which manages... High Unreviewed
CVE-2024-43099 was published Sep 13, 2024
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has... High Unreviewed
CVE-2023-0035 was published Jan 9, 2023
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an... High Unreviewed
CVE-2023-0036 was published Jan 9, 2023
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the... High Unreviewed
CVE-2024-3982 was published Aug 27, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and... High Unreviewed
CVE-2024-38890 was published Aug 2, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay... Moderate Unreviewed
CVE-2024-37016 was published Jul 15, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Moderate Unreviewed
CVE-2024-5249 was published Jul 30, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay Critical Unreviewed
CVE-2024-38438 was published Jul 21, 2024
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. High Unreviewed
CVE-2024-29850 was published May 23, 2024
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass... Critical Unreviewed
CVE-2023-47435 was published Apr 19, 2024
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4009 was published Jun 5, 2024
Transmitted data is logged between the device and the backend service. An attacker could use... Unknown Unreviewed
CVE-2024-38284 was published Jun 13, 2024
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an... High Unreviewed
CVE-2022-25836 was published Jul 6, 2023
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay... Moderate Unreviewed
CVE-2023-36857 was published Oct 19, 2023
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Moderate Unreviewed
CVE-2023-39373 was published Sep 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database