GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
89 advisories
Filter by severity
The impacted products, when configured to use SSO, are affected by an improper authentication...
Critical
Unreviewed
CVE-2021-43935
was published
Dec 16, 2021
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication...
Critical
Unreviewed
CVE-2021-27453
was published
Dec 22, 2021
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any...
Critical
Unreviewed
CVE-2021-43985
was published
Dec 24, 2021
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-24047
was published
Feb 19, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0992
was published
Apr 20, 2022
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical
Unreviewed
CVE-2019-3758
was published
May 24, 2022
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote...
Critical
Unreviewed
CVE-2020-10148
was published
May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new...
Critical
Unreviewed
CVE-2021-32967
was published
May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated...
Critical
Unreviewed
CVE-2021-41292
was published
May 24, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an...
Critical
Unreviewed
CVE-2021-36308
was published
May 24, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values...
Critical
Unreviewed
CVE-2021-26634
was published
Jun 3, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-35869
was published
Jul 26, 2022
Unauthorized access to Gateway user capabilities
Critical
Unreviewed
CVE-2022-27510
was published
Nov 9, 2022
Even if the authentication fails for local service authentication, the requested command could...
Critical
Unreviewed
CVE-2022-46732
was published
Jan 18, 2023
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in...
Critical
Unreviewed
CVE-2023-2027
was published
Apr 15, 2023
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2023-2499
was published
May 16, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2023-2704
was published
May 19, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2732
was published
May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2733
was published
May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2734
was published
May 25, 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication...
Critical
Unreviewed
CVE-2023-2781
was published
Jun 3, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2020-36713
was published
Jun 7, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2020-36724
was published
Jun 7, 2023
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication...
Critical
Unreviewed
CVE-2023-2986
was published
Jun 8, 2023
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress...
Critical
Unreviewed
CVE-2023-2982
was published
Jun 29, 2023
ProTip!
Advisories are also available from the
GraphQL API