GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,414 advisories
Filter by severity
Autolab Misconfigured Reset Password Permissions
High
CVE-2024-49376
was published
for
Autolab
(RubyGems)
Oct 25, 2024
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49039
was published
Nov 12, 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress...
High
Unreviewed
CVE-2024-9946
was published
Nov 6, 2024
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in...
High
Unreviewed
CVE-2024-10020
was published
Nov 6, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s...
High
Unreviewed
CVE-2023-29117
was published
Nov 5, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all...
High
Unreviewed
CVE-2024-10114
was published
Nov 5, 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication...
High
Unreviewed
CVE-2024-10097
was published
Nov 5, 2024
Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions...
High
Unreviewed
CVE-2023-39981
was published
Sep 2, 2023
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication...
High
Unreviewed
CVE-2023-33237
was published
Aug 17, 2023
Improper Authentication in SaltStack Salt
High
CVE-2021-22004
was published
for
salt
(pip)
May 24, 2022
Salt has insufficient argument validation in several modules
High
CVE-2013-4435
was published
for
salt
(pip)
May 17, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High
CVE-2022-4722
was published
for
rdiffweb
(pip)
Dec 27, 2022
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
High
CVE-2017-11427
was published
for
python-saml
(pip)
Jul 5, 2019
User Registration Bypass in Zitadel
High
CVE-2024-49757
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows...
High
Unreviewed
CVE-2024-10327
was published
Oct 24, 2024
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions...
High
Unreviewed
CVE-2024-9947
was published
Oct 23, 2024
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via...
High
Unreviewed
CVE-2024-9927
was published
Oct 23, 2024
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
High
CVE-2017-5192
was published
for
salt
(pip)
May 17, 2022
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High
Unreviewed
CVE-2024-43685
was published
Oct 4, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate...
High
Unreviewed
CVE-2024-38139
was published
Oct 16, 2024
ProTip!
Advisories are also available from the
GraphQL API