Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
An authentication bypass weakness in the message broker service of Ivanti Workspace Control... High Unreviewed
CVE-2024-8012 was published Sep 10, 2024
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and... High Unreviewed
CVE-2024-39300 was published Aug 30, 2024
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
lleyton korewaChino
jpillora
The product exposes a service that is intended for local only to all network interfaces without... High Unreviewed
CVE-2024-7940 was published Aug 27, 2024
Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects... High Unreviewed
CVE-2024-7125 was published Aug 27, 2024
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00... High Unreviewed
CVE-2024-35124 was published Aug 13, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed
CVE-2024-7007 was published Jul 25, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5... High Unreviewed
CVE-2024-39601 was published Jul 22, 2024
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL... High Unreviewed
CVE-2024-21146 was published Jul 17, 2024
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access... High Unreviewed
CVE-2024-37767 was published Jul 5, 2024
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive... High Unreviewed
CVE-2024-31916 was published Jun 27, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Toshiba printers provides API without authentication for internal access. A local attacker can... High Unreviewed
CVE-2024-27169 was published Jun 14, 2024
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability.... High Unreviewed
CVE-2024-5951 was published Jun 13, 2024
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import... High Unreviewed
CVE-2024-34800 was published Jun 10, 2024
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller... High Unreviewed
CVE-2024-32752 was published Jun 6, 2024
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the... High Unreviewed
CVE-2023-5935 was published May 15, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... High Unreviewed
CVE-2024-27942 was published May 14, 2024
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access... High Unreviewed
CVE-2022-32503 was published May 14, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an... High Unreviewed
CVE-2024-2860 was published May 8, 2024
By design, the DHCP protocol does not authenticate messages, including for example the classless... High Unreviewed
CVE-2024-3661 was published May 6, 2024
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure... High Unreviewed
CVE-2023-51587 was published May 3, 2024
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution... High Unreviewed
CVE-2023-50199 was published May 3, 2024
D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-41187 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database