Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,558 advisories

Loading
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-11209 was published Nov 14, 2024
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse m0xr4
stof
Windows Task Scheduler Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-49039 was published Nov 12, 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,... Moderate Unreviewed
CVE-2024-10963 was published Nov 7, 2024
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in... High Unreviewed
CVE-2024-10020 was published Nov 6, 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress... High Unreviewed
CVE-2024-9946 was published Nov 6, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s... High Unreviewed
CVE-2023-29117 was published Nov 5, 2024
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all... High Unreviewed
CVE-2024-10114 was published Nov 5, 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication... High Unreviewed
CVE-2024-10097 was published Nov 5, 2024
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This... Moderate Unreviewed
CVE-2024-10620 was published Nov 1, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs Low
CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless... Critical Unreviewed
CVE-2024-50478 was published Oct 28, 2024
User Registration Bypass in Zitadel High
CVE-2024-49757 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
evilgensec sevensolutions
fforootd
Autolab Misconfigured Reset Password Permissions High
CVE-2024-49376 was published for Autolab (RubyGems) Oct 25, 2024
HenryHuang2004
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which... Critical Unreviewed
CVE-2024-7763 was published Oct 24, 2024
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows... High Unreviewed
CVE-2024-10327 was published Oct 24, 2024
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions... High Unreviewed
CVE-2024-9947 was published Oct 23, 2024
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-9927 was published Oct 23, 2024
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2024-10173 was published Oct 20, 2024
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2020-36832 was published Oct 16, 2024
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate... High Unreviewed
CVE-2024-38139 was published Oct 16, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database