GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,342
Erlang: 31
GitHub Actions: 22
Go: 2,106
Maven: 5,000+
npm: 3,764
NuGet: 679
pip: 3,451
Pub: 12
RubyGems: 892
Rust: 885
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
367 advisories

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute...
High | Unreviewed | CVE-2018-0554 was published May 14, 2022

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication...
High | Unreviewed | CVE-2018-0521 was published May 14, 2022

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm"...
High | Unreviewed | CVE-2014-7271 was published May 14, 2022

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and...
High | Unreviewed | CVE-2017-10854 was published May 14, 2022

SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for...
High | Unreviewed | CVE-2018-2360 was published May 14, 2022

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no...
High | Unreviewed | CVE-2017-8155 was published May 17, 2022

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no...
High | Unreviewed | CVE-2017-8156 was published May 17, 2022

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a...
High | Unreviewed | CVE-2017-1483 was published May 17, 2022

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains...
High | Unreviewed | CVE-2021-23843 was published Jan 20, 2022

Broken Access Control in 3rd party TYPO3 extension "femanager"
High | CVE-2023-25014 was published for in2code/femanager (Composer) Feb 2, 2023

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for...
High | Unreviewed | CVE-2020-25697 was published May 24, 2022

Broken Access Control in 3rd party TYPO3 extension "femanager"
High | CVE-2023-25013 was published for in2code/femanager (Composer) Feb 2, 2023

Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07...
High | Unreviewed | CVE-2022-43761 was published Feb 8, 2023

A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where...
High | Unreviewed | CVE-2019-15018 was published May 24, 2022

Apollo has potential access control security issue in eureka
High | CVE-2023-25570 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High | Unreviewed | CVE-2022-48289 was published Feb 9, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High | Unreviewed | CVE-2022-48300 was published Feb 9, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High | Unreviewed | CVE-2022-48299 was published Feb 9, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High | Unreviewed | CVE-2022-48288 was published Feb 9, 2023

On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.
High | Unreviewed | CVE-2019-6451 was published May 24, 2022

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform...
High | Unreviewed | CVE-2023-22803 was published Feb 15, 2023

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the...
High | Unreviewed | CVE-2023-27532 was published Mar 11, 2023

Missing authentication in ShenYu
High | CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server...
High | Unreviewed | CVE-2023-27980 was published Mar 21, 2023

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal...
High | Unreviewed | CVE-2020-14140 was published Mar 29, 2023

ProTip! Advisories are also available from the GraphQL API.