GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
777 advisories
Filter by severity
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document...
Moderate
Unreviewed
CVE-2024-35143
was published
Aug 4, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and...
Moderate
Unreviewed
CVE-2024-7079
was published
Jul 24, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5...
High
Unreviewed
CVE-2024-39601
was published
Jul 22, 2024
Insufficient authentication in user account management in Yugabyte Platform allows local network...
Moderate
Unreviewed
CVE-2024-6895
was published
Jul 19, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
Critical
Unreviewed
CVE-2024-5910
was published
Jul 10, 2024
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,...
Critical
Unreviewed
CVE-2024-6422
was published
Jul 10, 2024
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs....
Critical
Unreviewed
CVE-2023-41918
was published
Jul 2, 2024
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive...
High
Unreviewed
CVE-2024-31916
was published
Jun 27, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
Toshiba printers provides API without authentication for internal access. A local attacker can...
High
Unreviewed
CVE-2024-27169
was published
Jun 14, 2024
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure...
Moderate
Unreviewed
CVE-2024-5947
was published
Jun 13, 2024
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability....
High
Unreviewed
CVE-2024-5951
was published
Jun 13, 2024
Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This...
Moderate
Unreviewed
CVE-2024-5952
was published
Jun 13, 2024
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import...
High
Unreviewed
CVE-2024-34800
was published
Jun 10, 2024
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller...
High
Unreviewed
CVE-2024-32752
was published
Jun 6, 2024
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40...
Moderate
Unreviewed
CVE-2024-22326
was published
Jun 6, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an...
Moderate
Unreviewed
CVE-2024-20391
was published
May 15, 2024
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the...
High
Unreviewed
CVE-2023-5935
was published
May 15, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected...
High
Unreviewed
CVE-2024-27942
was published
May 14, 2024
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel...
Critical
Unreviewed
CVE-2024-32735
was published
May 14, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an...
High
Unreviewed
CVE-2024-2860
was published
May 8, 2024
D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows...
Moderate
Unreviewed
CVE-2023-37325
was published
May 8, 2024
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information...
Moderate
Unreviewed
CVE-2021-34983
was published
May 8, 2024
ProTip!
Advisories are also available from the
GraphQL API