Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
Mautic has insufficient authentication in upgrade flow High
CVE-2022-25770 was published for mautic/core (Composer) Sep 19, 2024
Mautic has insufficient authentication in upgrade flow High
CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP... High Unreviewed
CVE-2024-8751 was published Sep 13, 2024
An authentication bypass weakness in the message broker service of Ivanti Workspace Control... High Unreviewed
CVE-2024-8012 was published Sep 10, 2024
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and... High Unreviewed
CVE-2024-39300 was published Aug 30, 2024
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
lleyton korewaChino
jpillora
The product exposes a service that is intended for local only to all network interfaces without... High Unreviewed
CVE-2024-7940 was published Aug 27, 2024
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00... High Unreviewed
CVE-2024-35124 was published Aug 13, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed
CVE-2024-7007 was published Jul 25, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5... High Unreviewed
CVE-2024-39601 was published Jul 22, 2024
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive... High Unreviewed
CVE-2024-31916 was published Jun 27, 2024
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Toshiba printers provides API without authentication for internal access. A local attacker can... High Unreviewed
CVE-2024-27169 was published Jun 14, 2024
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability.... High Unreviewed
CVE-2024-5951 was published Jun 13, 2024
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import... High Unreviewed
CVE-2024-34800 was published Jun 10, 2024
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller... High Unreviewed
CVE-2024-32752 was published Jun 6, 2024
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the... High Unreviewed
CVE-2023-5935 was published May 15, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... High Unreviewed
CVE-2024-27942 was published May 14, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an... High Unreviewed
CVE-2024-2860 was published May 8, 2024
By design, the DHCP protocol does not authenticate messages, including for example the classless... High Unreviewed
CVE-2024-3661 was published May 6, 2024
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure... High Unreviewed
CVE-2023-51587 was published May 3, 2024
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution... High Unreviewed
CVE-2023-50199 was published May 3, 2024
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network... High Unreviewed
CVE-2023-41183 was published May 3, 2024
D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-41187 was published May 3, 2024
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function... High Unreviewed
CVE-2023-38123 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API