GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,342
Composer 4,134
Erlang 29
GitHub Actions 19
Go 1,941
Maven 5,135
npm 3,678
NuGet 645
pip 3,297
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 231,344

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

207 advisories

Filter by severity

Sort by

Least recently updated

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed

CVE-2024-23629 was published Jan 26, 2024

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed

CVE-2024-3033 was published Jun 6, 2024

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker... Critical Unreviewed

CVE-2024-48786 was published Oct 11, 2024

An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote... Critical Unreviewed

CVE-2024-48778 was published Oct 11, 2024

An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker... Critical Unreviewed

CVE-2024-48784 was published Oct 11, 2024

An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive... Critical Unreviewed

CVE-2024-48772 was published Oct 11, 2024

An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain... Critical Unreviewed

CVE-2024-48769 was published Oct 11, 2024

An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain... Critical Unreviewed

CVE-2024-48787 was published Oct 11, 2024

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed

CVE-2024-45519 was published Oct 3, 2024

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers... Critical Unreviewed

CVE-2024-45160 was published Oct 9, 2024

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect... Critical Unreviewed

CVE-2023-6036 was published Feb 12, 2024

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2... Critical Unreviewed

CVE-2023-5009 was published Sep 19, 2023

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows... Critical Unreviewed

CVE-2024-8606 was published Sep 23, 2024

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing... Critical Unreviewed

CVE-2023-40309 was published Sep 15, 2023

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard... Critical Unreviewed

CVE-2024-6592 was published Sep 25, 2024

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On... Critical Unreviewed

CVE-2024-6593 was published Sep 25, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org... Critical Unreviewed

CVE-2024-46918 was published Sep 16, 2024

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also... Critical Unreviewed

CVE-2023-43119 was published Oct 16, 2023

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed

CVE-2022-30311 was published Jun 14, 2022

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed

CVE-2021-3833 was published May 24, 2022

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed

CVE-2022-30309 was published Jun 14, 2022

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed

CVE-2024-45509 was published Sep 2, 2024

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability... Critical Unreviewed

CVE-2024-6202 was published Aug 6, 2024

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve... Critical Unreviewed

CVE-2024-6782 was published Aug 6, 2024

In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed

CVE-2024-25652 was published Mar 14, 2024

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

207 advisories