GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Auto-merging Person Records Compromised
High
CVE-2021-32691
was published
for
@apollosproject/data-connector-rock
(npm)
Jun 21, 2021
Saltstack Salt Unauthenticated Arbitrary Code Execution
High
CVE-2021-25315
was published
for
salt
(pip)
May 24, 2022
A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624),...
High
Unreviewed
CVE-2022-33736
was published
Jul 13, 2022
Prometheus vulnerable to basic authentication bypass
High
GHSA-4v48-4q5m-8vx4
was published
for
github.com/prometheus/prometheus
(Go)
Dec 5, 2022
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows...
Moderate
Unreviewed
CVE-2022-4861
was published
Dec 30, 2022
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All Versions >= 1.16.4 ...
Critical
Unreviewed
CVE-2023-25957
was published
Mar 14, 2023
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2022-43635
was published
Mar 29, 2023
An authentication bypass vulnerability exists in the Authentication functionality of Weston...
High
Unreviewed
CVE-2022-41985
was published
May 10, 2023
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3...
Critical
Unreviewed
CVE-2023-29129
was published
Jun 13, 2023
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket...
Critical
Unreviewed
CVE-2023-3326
was published
Jun 22, 2023
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password...
Moderate
Unreviewed
CVE-2023-4641
was published
Dec 27, 2023
Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows...
High
Unreviewed
CVE-2023-31211
was published
Jan 12, 2024
Eclipse Kura LogServlet vulnerability
High
CVE-2024-3046
was published
for
org.eclipse.kura:org.eclipse.kura.web2
(Maven)
Apr 9, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-26248
was published
Apr 9, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows...
Moderate
Unreviewed
CVE-2023-32148
was published
May 3, 2024
D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows...
Moderate
Unreviewed
CVE-2023-32152
was published
May 3, 2024
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication...
High
Unreviewed
CVE-2023-34274
was published
May 3, 2024
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass...
High
Unreviewed
CVE-2023-34282
was published
May 3, 2024
D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication...
High
Unreviewed
CVE-2023-44420
was published
May 3, 2024
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when...
Critical
Unreviewed
CVE-2024-4985
was published
May 21, 2024
An authentication bypass vulnerability has been identified in the REST and SOAP API components of...
Unknown
Unreviewed
CVE-2024-4332
was published
Jun 3, 2024
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE...
High
Unreviewed
CVE-2024-34722
was published
Jul 9, 2024
Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote...
Critical
Unreviewed
CVE-2023-4860
was published
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API