GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
367 advisories
Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0...
High | Unreviewed | CVE-2023-23906 was published May 10, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
High | Unreviewed | CVE-2023-29413 was published Apr 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21979 was published Apr 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21931 was published Apr 18, 2023

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This...
High | Unreviewed | CVE-2023-27747 was published Apr 13, 2023

This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High | Unreviewed | CVE-2022-27645 was published Mar 29, 2023

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal...
High | Unreviewed | CVE-2020-14140 was published Mar 29, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server...
High | Unreviewed | CVE-2023-27980 was published Mar 21, 2023

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the...
High | Unreviewed | CVE-2023-27532 was published Mar 11, 2023

Apollo has potential access control security issue in eureka
High | CVE-2023-25570 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform...
High | Unreviewed | CVE-2023-22803 was published Feb 15, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High | Unreviewed | CVE-2022-48300 was published Feb 9, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High | Unreviewed | CVE-2022-48289 was published Feb 9, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High | Unreviewed | CVE-2022-48299 was published Feb 9, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High | Unreviewed | CVE-2022-48288 was published Feb 9, 2023

Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07...
High | Unreviewed | CVE-2022-43761 was published Feb 8, 2023

Broken Access Control in 3rd party TYPO3 extension "femanager"
High | CVE-2023-25013 was published for in2code/femanager (Composer) Feb 2, 2023

Broken Access Control in 3rd party TYPO3 extension "femanager"
High | CVE-2023-25014 was published for in2code/femanager (Composer) Feb 2, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web...
High | Unreviewed | CVE-2023-21842 was published Jan 18, 2023

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger...
High | Unreviewed | CVE-2023-21856 was published Jan 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21837 was published Jan 18, 2023

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High | Unreviewed | CVE-2023-21839 was published Jan 18, 2023

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing...
High | Unreviewed | CVE-2022-42275 was published Jan 13, 2023

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with...
High | Unreviewed | CVE-2022-42276 was published Jan 13, 2023