Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,558 advisories

Loading
Autolab Misconfigured Reset Password Permissions High
CVE-2024-49376 was published for Autolab (RubyGems) Oct 25, 2024
HenryHuang2004
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse m0xr4
stof
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-11209 was published Nov 14, 2024
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-49039 was published Nov 12, 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,... Moderate Unreviewed
CVE-2024-10963 was published Nov 7, 2024
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress... High Unreviewed
CVE-2024-9946 was published Nov 6, 2024
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in... High Unreviewed
CVE-2024-10020 was published Nov 6, 2024
An authentication bypass vulnerability has been identified in Foreman when deployed with External... Critical Unreviewed
CVE-2024-7012 was published Sep 4, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s... High Unreviewed
CVE-2023-29117 was published Nov 5, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all... High Unreviewed
CVE-2024-10114 was published Nov 5, 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication... High Unreviewed
CVE-2024-10097 was published Nov 5, 2024
Lunary Improper Authentication vulnerability High
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This... Moderate Unreviewed
CVE-2024-10620 was published Nov 1, 2024
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless... Critical Unreviewed
CVE-2024-50478 was published Oct 28, 2024
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical... Moderate Unreviewed
CVE-2024-31800 was published Aug 15, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs Low
CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024
OpenStack Swauth object/proxy server writing Auth Token to log file Critical
CVE-2017-16613 was published for swauth (pip) May 17, 2022
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions... High Unreviewed
CVE-2023-39981 was published Sep 2, 2023
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication... High Unreviewed
CVE-2023-33237 was published Aug 17, 2023
Improper Authentication in SaltStack Salt High
CVE-2021-22004 was published for salt (pip) May 24, 2022
Improper Authentication in requests-kerberos Critical
CVE-2014-8650 was published for requests-kerberos (pip) Mar 10, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database