GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,263 advisories
Filter by severity
An image with a version lower than the fuse version may potentially be booted lead to improper...
High
Unreviewed
CVE-2018-11952
was published
Nov 26, 2024
Initial xbl_sec revision does not have all the debug policy features and critical checks.
High
Unreviewed
CVE-2016-10394
was published
Nov 26, 2024
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-6248
was published
Nov 22, 2024
**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL...
High
Unreviewed
CVE-2024-11494
was published
Nov 20, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49039
was published
Nov 12, 2024
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in...
High
Unreviewed
CVE-2024-10020
was published
Nov 6, 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress...
High
Unreviewed
CVE-2024-9946
was published
Nov 6, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s...
High
Unreviewed
CVE-2023-29117
was published
Nov 5, 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication...
High
Unreviewed
CVE-2024-10097
was published
Nov 5, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all...
High
Unreviewed
CVE-2024-10114
was published
Nov 5, 2024
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows...
High
Unreviewed
CVE-2024-10327
was published
Oct 24, 2024
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions...
High
Unreviewed
CVE-2024-9947
was published
Oct 23, 2024
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via...
High
Unreviewed
CVE-2024-9927
was published
Oct 23, 2024
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate...
High
Unreviewed
CVE-2024-38139
was published
Oct 16, 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an...
High
Unreviewed
CVE-2024-45148
was published
Oct 10, 2024
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High
Unreviewed
CVE-2024-43685
was published
Oct 4, 2024
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
High
Unreviewed
CVE-2024-41589
was published
Oct 3, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High
Unreviewed
CVE-2024-47125
was published
Sep 26, 2024
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN...
High
Unreviewed
CVE-2024-45750
was published
Sep 25, 2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA...
High
Unreviewed
CVE-2024-41929
was published
Sep 18, 2024
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication...
High
Unreviewed
CVE-2024-45113
was published
Sep 13, 2024
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-38225
was published
Sep 10, 2024
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam...
High
Unreviewed
CVE-2024-40713
was published
Sep 7, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default...
High
Unreviewed
CVE-2024-7346
was published
Sep 3, 2024
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient...
High
Unreviewed
CVE-2024-7401
was published
Aug 26, 2024
ProTip!
Advisories are also available from the
GraphQL API