Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

313 advisories

Loading
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port... Critical Unreviewed
CVE-2023-49693 was published Nov 30, 2023
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet... Critical Unreviewed
CVE-2023-42770 was published Nov 21, 2023
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a... Critical Unreviewed
CVE-2023-47674 was published Nov 16, 2023
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware... Critical Unreviewed
CVE-2023-34060 was published Nov 14, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an... Critical Unreviewed
CVE-2023-41351 was published Nov 3, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker... Critical Unreviewed
CVE-2023-46747 was published Oct 26, 2023
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius... Critical Unreviewed
CVE-2023-39930 was published Oct 25, 2023
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier... Critical Unreviewed
CVE-2023-26573 was published Oct 25, 2023
Vulnerability of access permissions not being strictly verified in the APPWidget module... Critical Unreviewed
CVE-2023-44116 was published Oct 11, 2023
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete... Critical Unreviewed
CVE-2023-43271 was published Oct 9, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas... Critical Unreviewed
CVE-2023-4702 was published Sep 14, 2023
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An... Critical Unreviewed
CVE-2023-38028 was published Aug 28, 2023
SAP PowerDesigner - version 16.7, has improper access control which might allow an... Critical Unreviewed
CVE-2023-37483 was published Aug 8, 2023
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11... Critical Unreviewed
CVE-2023-36669 was published Jul 18, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to... Critical Unreviewed
CVE-2023-34335 was published Jul 6, 2023
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an... Critical Unreviewed
CVE-2023-30744 was published Jul 6, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated... Critical Unreviewed
CVE-2022-41629 was published Jul 6, 2023
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2834 was published Jun 30, 2023
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be... Critical Unreviewed
CVE-2023-35854 was published Jun 20, 2023
A remote unprivileged attacker can modify and access configuration settings on the EventCam App... Critical Unreviewed
CVE-2023-31411 was published Jun 19, 2023
FINS (Factory Interface Network Service) is a message communication protocol, which is designed... Critical Unreviewed
CVE-2023-27396 was published Jun 19, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2020-36724 was published Jun 7, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2020-36713 was published Jun 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database