GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
22 advisories

Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE...
High | Unreviewed | CVE-2024-47397 was published Dec 18, 2024

Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue...
Moderate | Unreviewed | CVE-2023-41862 was published Dec 13, 2024

Active Directory Certificate Services Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-49019 was published Nov 12, 2024

The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication...
Critical | Unreviewed | CVE-2024-45367 was published Oct 4, 2024

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any...
Moderate | Unreviewed | CVE-2024-41722 was published Sep 26, 2024

In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message...
Moderate | Unreviewed | CVE-2024-47127 was published Sep 26, 2024

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September...
Moderate | Unreviewed | CVE-2024-8322 was published Sep 10, 2024

Windows Kerberos Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-38239 was published Sep 10, 2024

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate...
Critical | Unreviewed | CVE-2024-38182 was published Aug 1, 2024

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended...
Low | Unreviewed | CVE-2024-6580 was published Jul 8, 2024

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission...
Critical | Unreviewed | CVE-2024-0949 was published Jun 27, 2024

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection...
Critical | Unreviewed | CVE-2024-34451 was published Jun 17, 2024

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application,...
Moderate | Unreviewed | CVE-2024-5891 was published Jun 12, 2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-35248 was published Jun 11, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor...
High | Unreviewed | CVE-2024-29837 was published Apr 15, 2024

An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011,...
Critical | Unreviewed | CVE-2023-49340 was published Mar 9, 2024

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation...
Critical | Unreviewed | CVE-2024-0822 was published Jan 25, 2024

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make...
High | Unreviewed | CVE-2023-4094 was published Sep 19, 2023

Jetty's OpenId Revoked authentication allows one request
Low | CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication,...
Critical | Unreviewed | CVE-2023-39439 was published Aug 8, 2023

A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4...
High | Unreviewed | CVE-2022-45860 was published May 4, 2023

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions <...
Critical | Unreviewed | CVE-2022-43400 was published Oct 21, 2022

ProTip! Advisories are also available from the GraphQL API