GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
794 advisories
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation...
Critical | Unreviewed | CVE-2024-0822 was published Jan 25, 2024

The authentication mechanism can be bypassed by overflowing the value of the Cookie ...
Critical | Unreviewed | CVE-2023-49262 was published Jan 12, 2024

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication...
Critical | Unreviewed | CVE-2023-50919 was published Jan 12, 2024

Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full...
Critical | Unreviewed | CVE-2023-51717 was published Jan 9, 2024

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value...
Critical | Unreviewed | CVE-2022-34267 was published Dec 25, 2023

There is broken access control during authentication in Jamf Pro Server before 10.46.1.
Critical | Unreviewed | CVE-2023-31224 was published Dec 25, 2023

The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due...
Critical | Unreviewed | CVE-2023-6483 was published Dec 22, 2023

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as...
Critical | Unreviewed | CVE-2023-6907 was published Dec 20, 2023

Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This...
Critical | Unreviewed | CVE-2023-6768 was published Dec 20, 2023

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with...
Critical | Unreviewed | CVE-2023-43742 was published Dec 8, 2023

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the...
Critical | Unreviewed | CVE-2023-36655 was published Dec 6, 2023

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
Critical | Unreviewed | CVE-2023-33054 was published Dec 5, 2023

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows...
Critical | Unreviewed | CVE-2023-41264 was published Nov 28, 2023

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to ...
Critical | Unreviewed | CVE-2023-6329 was published Nov 27, 2023

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2023-2437 was published Nov 22, 2023

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify,...
Critical | Unreviewed | CVE-2023-49105 was published Nov 22, 2023

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root"...
Critical | Unreviewed | CVE-2023-29155 was published Nov 20, 2023

Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication...
Critical | Unreviewed | CVE-2023-44324 was published Nov 17, 2023

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a...
Critical | Unreviewed | CVE-2023-41442 was published Nov 16, 2023

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows...
Critical | Unreviewed | CVE-2023-42531 was published Nov 13, 2023

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest...
Critical | Unreviewed | CVE-2023-4612 was published Nov 9, 2023

Under a very specific and highly unrecommended configuration, authentication bypass is possible...
Critical | Unreviewed | CVE-2023-37283 was published Oct 25, 2023

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier...
Critical | Unreviewed | CVE-2023-26573 was published Oct 25, 2023

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main...
Critical | Unreviewed | CVE-2023-4562 was published Oct 13, 2023

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325...
Critical | Unreviewed | CVE-2023-24479 was published Oct 11, 2023