GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress...
Critical
Unreviewed
CVE-2021-24215
was published
May 24, 2022
Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the...
Critical
Unreviewed
CVE-2019-9552
was published
May 13, 2022
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2...
Critical
Unreviewed
CVE-2017-14244
was published
May 13, 2022
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm...
Critical
Unreviewed
CVE-2019-7736
was published
May 13, 2022
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass...
Critical
Unreviewed
CVE-2017-10833
was published
May 13, 2022
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global...
Critical
Unreviewed
CVE-2017-17736
was published
May 13, 2022
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an...
Critical
Unreviewed
CVE-2018-18922
was published
May 13, 2022
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows...
Critical
Unreviewed
CVE-2018-19207
was published
May 13, 2022
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct...
Critical
Unreviewed
CVE-2018-6624
was published
May 13, 2022
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to...
Critical
Unreviewed
CVE-2022-41746
was published
Oct 11, 2022
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This...
Critical
Unreviewed
CVE-2023-1699
was published
Mar 30, 2023
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to...
Critical
Unreviewed
CVE-2024-0204
was published
Jan 22, 2024
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML...
Critical
Unreviewed
CVE-2024-24592
was published
Feb 6, 2024
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices...
Critical
Unreviewed
CVE-2019-12583
was published
May 24, 2022
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to...
Critical
Unreviewed
CVE-2019-9884
was published
May 24, 2022
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request...
Critical
Unreviewed
CVE-2024-33897
was published
Aug 6, 2024
ProTip!
Advisories are also available from the
GraphQL API