Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,558 advisories

Loading
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote... Critical Unreviewed
CVE-2024-23470 was published Jul 17, 2024
Skupper uses a static cookie secret for the openshift oauth-proxy Moderate
CVE-2024-6535 was published for github.com/skupperproject/skupper (Go) Jul 17, 2024
The vulnerability could be remotely exploited to bypass authentication. Critical Unreviewed
CVE-2024-22442 was published Jul 16, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received... Moderate Unreviewed
CVE-2024-39767 was published Jul 15, 2024
Securepoint UTM before 12.6.5 mishandles OTP codes. High Unreviewed
CVE-2024-39340 was published Jul 12, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User Moderate
GHSA-gh9f-6xm2-c4j2 was published for surrealdb (Rust) Jul 11, 2024
ericwhitefield
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-6397 was published Jul 11, 2024
Sensitive information disclosure in NetScaler Console Critical Unreviewed
CVE-2024-6235 was published Jul 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38099 was published Jul 9, 2024
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the... Moderate Unreviewed
CVE-2024-39723 was published Jul 8, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64... Moderate Unreviewed
CVE-2024-1573 was published Jul 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using... High Unreviewed
CVE-2024-3826 was published Jul 2, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass... High Unreviewed
CVE-2024-34596 was published Jul 2, 2024
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers... Moderate Unreviewed
CVE-2024-20900 was published Jul 2, 2024
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair... Moderate Unreviewed
CVE-2024-20889 was published Jul 2, 2024
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to... Moderate Unreviewed
CVE-2024-20890 was published Jul 2, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This... Critical Unreviewed
CVE-2024-28200 was published Jul 1, 2024
An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol... High Unreviewed
CVE-2024-23767 was published Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication... High Unreviewed
CVE-2024-5012 was published Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed
CVE-2024-5805 was published Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to... High Unreviewed
CVE-2024-5806 was published Jun 25, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient... Moderate Unreviewed
CVE-2024-37085 was published Jun 25, 2024
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly... Moderate Unreviewed
CVE-2024-37233 was published Jun 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database