Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,216
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,505 advisories

Loading
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product.... Critical Unreviewed
CVE-2024-45823 was published Sep 12, 2024
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38225 was published Sep 10, 2024
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. Critical Unreviewed
CVE-2023-37226 was published Sep 10, 2024
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam... High Unreviewed
CVE-2024-40713 was published Sep 7, 2024
An improper authentication vulnerability has been reported to affect Music Station. If exploited,... Moderate Unreviewed
CVE-2023-45038 was published Sep 6, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain... Moderate Unreviewed
CVE-2024-5956 was published Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs... Moderate Unreviewed
CVE-2024-5957 was published Sep 5, 2024
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The... Moderate Unreviewed
CVE-2024-44821 was published Sep 4, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with... Critical Unreviewed
CVE-2024-7923 was published Sep 4, 2024
An authentication bypass vulnerability has been identified in Foreman when deployed with External... Critical Unreviewed
CVE-2024-7012 was published Sep 4, 2024
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for... Moderate Unreviewed
CVE-2024-7870 was published Sep 4, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default... High Unreviewed
CVE-2024-7346 was published Sep 3, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor... Moderate Unreviewed
CVE-2024-7745 was published Aug 28, 2024
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient... High Unreviewed
CVE-2024-7401 was published Aug 26, 2024
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker... High Unreviewed
CVE-2024-36444 was published Aug 22, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
Servision - CWE-287: Improper Authentication High Unreviewed
CVE-2024-42336 was published Aug 20, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows... Critical Unreviewed
CVE-2024-42462 was published Aug 16, 2024
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical... Moderate Unreviewed
CVE-2024-31800 was published Aug 15, 2024
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product,... High Unreviewed
CVE-2024-6078 was published Aug 14, 2024
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with... Moderate Unreviewed
CVE-2024-25157 was published Aug 14, 2024
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been... Moderate Unreviewed
CVE-2024-37028 was published Aug 14, 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1... Critical Unreviewed
CVE-2024-7593 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API