Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API... Critical Unreviewed
CVE-2024-50487 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API... Critical Unreviewed
CVE-2024-50486 was published Oct 28, 2024
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web... Critical Unreviewed
CVE-2024-42017 was published Sep 30, 2024
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP... Critical Unreviewed
CVE-2022-29951 was published Jul 27, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
Rdiffweb is missing authentication for critical function Critical
CVE-2022-3327 was published for rdiffweb (pip) Oct 20, 2022
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The... Critical Unreviewed
CVE-2024-10386 was published Oct 25, 2024
An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2024-26519 was published Oct 23, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST... Critical Unreviewed
CVE-2024-49328 was published Oct 20, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple... Critical Unreviewed
CVE-2024-49604 was published Oct 20, 2024
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through... Critical Unreviewed
CVE-2024-47575 was published Oct 23, 2024
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of... Critical Unreviewed
CVE-2024-40087 was published Oct 21, 2024
Improper Authentication in Apache Spark Critical
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing... Critical Unreviewed
CVE-2024-45274 was published Oct 15, 2024
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality,... Critical Unreviewed
CVE-2024-9984 was published Oct 15, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated... Critical Unreviewed
CVE-2024-3777 was published Apr 15, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to... Critical Unreviewed
CVE-2023-5716 was published Jan 19, 2024
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9,... Critical Unreviewed
CVE-2024-9164 was published Oct 11, 2024
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-9289 was published Oct 1, 2024
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS... Critical Unreviewed
CVE-2024-41988 was published Oct 3, 2024
An unauthenticated remote attacker may use a missing authentication for critical function... Critical Unreviewed
CVE-2024-35293 was published Oct 2, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive... Critical Unreviewed
CVE-2023-1083 was published Apr 9, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control.... Critical Unreviewed
CVE-2024-46293 was published Sep 30, 2024
Certain switch models from PLANET Technology lack proper access control in firmware upload and... Critical Unreviewed
CVE-2024-8456 was published Sep 30, 2024
SAP PowerDesigner - version 16.7, has improper access control which might allow an... Critical Unreviewed
CVE-2023-37483 was published Aug 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database