Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
CoreDNS Cache Poisoning via a birthday attack Low
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7... Critical Unreviewed
CVE-2024-6678 was published Sep 12, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the... High Unreviewed
CVE-2024-44104 was published Sep 10, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor... Moderate Unreviewed
CVE-2024-7745 was published Aug 28, 2024
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting... Moderate Unreviewed
CVE-2024-35539 was published Aug 19, 2024
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows... Moderate Unreviewed
CVE-2024-35538 was published Aug 19, 2024
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue... Moderate Unreviewed
CVE-2024-41432 was published Aug 7, 2024
Apache SeaTunnel Web Authentication vulnerability High
CVE-2023-48396 was published for org.apache.seatunnel:seatunnel-web (Maven) Jul 30, 2024
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In... High Unreviewed
CVE-2024-41107 was published Jul 19, 2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured... High Unreviewed
CVE-2023-40702 was published Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA... High Unreviewed
CVE-2023-40356 was published Jul 9, 2024
Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality... Moderate Unreviewed
CVE-2024-37430 was published Jul 9, 2024
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39... Moderate Unreviewed
CVE-2024-6163 was published Jul 8, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry... Critical Unreviewed
CVE-2024-37082 was published Jul 3, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2024-30058 was published Jun 13, 2024
A low severity vulnerability in BIPS has been identified where an attacker with high privileges... Low Unreviewed
CVE-2024-5812 was published Jun 11, 2024
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode... Low Unreviewed
CVE-2024-35749 was published Jun 10, 2024
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can... High Unreviewed
CVE-2024-5037 was published Jun 5, 2024
Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System... Moderate Unreviewed
CVE-2023-51667 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing... Moderate Unreviewed
CVE-2023-52176 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality... Moderate Unreviewed
CVE-2023-51542 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing... Moderate Unreviewed
CVE-2023-51543 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows... Moderate Unreviewed
CVE-2023-48271 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing... Moderate Unreviewed
CVE-2023-48753 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode... Low Unreviewed
CVE-2023-49741 was published Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API