GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
231 advisories
Filter by severity
Admin authentication can be bypassed with some specific invalid credentials, which allows logging...
Moderate
Unreviewed
CVE-2024-33616
was published
Nov 26, 2024
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without...
Moderate
Unreviewed
CVE-2024-39707
was published
Nov 15, 2024
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message...
Moderate
Unreviewed
CVE-2023-34761
was published
Jun 28, 2023
Improper control of framework service permissions with possibility of some sensitive device...
Moderate
Unreviewed
CVE-2020-12491
was published
Nov 25, 2024
Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware...
Moderate
Unreviewed
CVE-2024-47865
was published
Nov 20, 2024
A low privileged remote attacker may modify the docker settings setup of the device, leading to a...
Moderate
Unreviewed
CVE-2024-41968
was published
Nov 18, 2024
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4...
Moderate
Unreviewed
CVE-2024-26011
was published
Nov 12, 2024
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM...
Moderate
Unreviewed
CVE-2024-36457
was published
Jul 15, 2024
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate...
Moderate
Unreviewed
CVE-2024-48952
was published
Nov 7, 2024
Improper authentication vulnerability in exists in multiple printers and scanners which implement...
Moderate
Unreviewed
CVE-2024-21824
was published
Mar 18, 2024
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue...
Moderate
Unreviewed
CVE-2024-51362
was published
Nov 5, 2024
Internet passwords stored in Person documents in the Domino® Directory created using the "Add...
Moderate
Unreviewed
CVE-2023-37495
was published
Feb 29, 2024
A user with device administrative privileges can change existing SMTP server settings on the...
Moderate
Unreviewed
CVE-2024-5143
was published
May 23, 2024
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is...
Moderate
Unreviewed
CVE-2024-9430
was published
Oct 31, 2024
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA...
Moderate
Unreviewed
CVE-2024-48442
was published
Oct 24, 2024
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the...
Moderate
Unreviewed
CVE-2019-5591
was published
May 24, 2022
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2...
Moderate
Unreviewed
CVE-2024-47902
was published
Oct 23, 2024
Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows...
Moderate
Unreviewed
CVE-2024-40091
was published
Oct 21, 2024
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values...
Moderate
Unreviewed
CVE-2024-3774
was published
Apr 15, 2024
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing...
Moderate
Unreviewed
CVE-2024-26263
was published
Feb 15, 2024
CWE-306: Missing Authentication for Critical Function vulnerability exists that could
cause...
Moderate
Unreviewed
CVE-2024-8530
was published
Oct 11, 2024
The affected product is vulnerable to an attacker modifying the bootloader by using custom...
Moderate
Unreviewed
CVE-2024-38279
was published
Jun 13, 2024
An unauthenticated remote attacker may use the devices traffic capture without authentication to...
Moderate
Unreviewed
CVE-2024-35294
was published
Oct 2, 2024
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an...
Moderate
Unreviewed
CVE-2023-39436
was published
Aug 8, 2023
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker...
Moderate
Unreviewed
CVE-2023-36926
was published
Aug 8, 2023
ProTip!
Advisories are also available from the
GraphQL API