GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
786 advisories
Filter by severity
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Critical
Unreviewed
CVE-2019-16028
was published
May 24, 2022
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical
Unreviewed
CVE-2024-11680
was published
Nov 26, 2024
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An...
Critical
Unreviewed
CVE-2023-28461
was published
Mar 16, 2023
An authentication bypass vulnerability has been identified in Pulpcore when deployed with...
Critical
Unreviewed
CVE-2024-7923
was published
Sep 4, 2024
The web application uses a weak authentication mechanism to verify that a request is coming from...
Critical
Unreviewed
CVE-2024-45369
was published
Nov 23, 2024
An authentication bypass vulnerability has been identified in Foreman when deployed with External...
Critical
Unreviewed
CVE-2024-7012
was published
Sep 4, 2024
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless...
Critical
Unreviewed
CVE-2024-50478
was published
Oct 28, 2024
In WhatsUp Gold versions released before 2024.0.0,
an Authentication Bypass issue exists which...
Critical
Unreviewed
CVE-2024-7763
was published
Oct 24, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An...
Critical
Unreviewed
CVE-2024-23629
was published
Jan 26, 2024
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in...
Critical
Unreviewed
CVE-2020-36832
was published
Oct 16, 2024
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is...
Critical
Unreviewed
CVE-2023-30603
was published
Jul 6, 2023
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the...
Critical
Unreviewed
CVE-2023-36655
was published
Dec 6, 2023
The authentication mechanism can be bypassed by overflowing the value of the Cookie ...
Critical
Unreviewed
CVE-2023-49262
was published
Jan 12, 2024
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest...
Critical
Unreviewed
CVE-2023-4612
was published
Nov 9, 2023
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-45115
was published
Oct 10, 2024
Windows Netlogon Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-38124
was published
Oct 8, 2024
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only...
Critical
Unreviewed
CVE-2024-41798
was published
Oct 8, 2024
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to...
Critical
Unreviewed
CVE-2022-26136
was published
Jul 21, 2022
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.
Critical
Unreviewed
CVE-2024-47218
was published
Sep 22, 2024
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account...
Critical
Unreviewed
CVE-2024-0002
was published
Sep 23, 2024
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An...
Critical
Unreviewed
CVE-2024-34399
was published
Sep 18, 2024
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication...
Critical
Unreviewed
CVE-2024-8956
was published
Sep 17, 2024
CVE-2024-45823 IMPACT
An
authentication bypass vulnerability exists in the affected product....
Critical
Unreviewed
CVE-2024-45823
was published
Sep 12, 2024
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
Critical
Unreviewed
CVE-2023-37226
was published
Sep 10, 2024
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.
Critical
Unreviewed
CVE-2024-22441
was published
Jun 13, 2024
ProTip!
Advisories are also available from the
GraphQL API