GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
299 advisories
The devices allow access to an unprotected endpoint that allows MPFS file system binary image...
High | Unreviewed | CVE-2024-1491 was published Apr 19, 2024

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2024-21007 was published Apr 17, 2024

An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an...
High | Unreviewed | CVE-2023-4857 was published Apr 15, 2024

Windows Update Stack Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-26235 was published Apr 9, 2024

Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service...
High | Unreviewed | CVE-2023-51571 was published Apr 2, 2024

Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High | CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024

RPyC's missing security check results in code execution when using numpy.array on the server-side.
High | CVE-2024-27758 was published for rpyc (pip) Mar 6, 2024

Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication...
High | Unreviewed | CVE-2023-40545 was published Feb 6, 2024

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote...
High | Unreviewed | CVE-2023-49115 was published Feb 2, 2024

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense...
High | Unreviewed | CVE-2023-6221 was published Feb 2, 2024

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation...
High | Unreviewed | CVE-2023-6942 was published Jan 30, 2024

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions)...
High | Unreviewed | CVE-2022-45794 was published Jan 11, 2024

An authentication issue was addressed with improved state management. This issue is fixed in...
High | Unreviewed | CVE-2023-40393 was published Jan 11, 2024

Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect ...
High | Unreviewed | CVE-2023-5881 was published Jan 3, 2024

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an...
High | Unreviewed | CVE-2023-6595 was published Dec 14, 2023

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An...
High | Unreviewed | CVE-2023-32460 was published Dec 8, 2023

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3...
High | Unreviewed | CVE-2023-46381 was published Nov 5, 2023

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation...
High | Unreviewed | CVE-2022-43554 was published Nov 3, 2023

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation...
High | Unreviewed | CVE-2022-43555 was published Nov 3, 2023

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can...
High | Unreviewed | CVE-2023-46978 was published Oct 31, 2023

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura...
High | Unreviewed | CVE-2023-40401 was published Oct 25, 2023

The Android Client application, when enrolled with the define method 1 (the user manually inserts...
High | Unreviewed | CVE-2023-45220 was published Oct 25, 2023

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker...
High | Unreviewed | CVE-2023-45851 was published Oct 25, 2023

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to...
High | Unreviewed | CVE-2023-41255 was published Oct 25, 2023

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1...
High | Unreviewed | CVE-2023-27259 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API.