GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
916 advisories
An unauthenticated remote attacker can modify configurations to perform a remote code execution...
Critical | Unreviewed | CVE-2024-25995 was published Mar 12, 2024

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2024-10284 was published Nov 9, 2024

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business...
Critical | Unreviewed | CVE-2022-26143 was published Mar 11, 2022

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or...
Moderate | Unreviewed | CVE-2020-3952 was published May 24, 2022

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-9861 was published Oct 17, 2024

Undisclosed requests may bypass configuration utility authentication, allowing an attacker...
Critical | Unreviewed | CVE-2023-46747 was published Oct 26, 2023

SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability...
Critical | Unreviewed | CVE-2023-1096 was published May 12, 2023

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical | Unreviewed | CVE-2024-12857 was published Jan 22, 2025

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to...
High | Unreviewed | CVE-2024-45276 was published Oct 15, 2024

A file handling command vulnerability in certain versions of Armoury Crate may result in...
High | Unreviewed | CVE-2024-12957 was published Jan 23, 2025

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Critical | Unreviewed | CVE-2025-21535 was published Jan 21, 2025

An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version...
High | Unreviewed | CVE-2024-47574 was published Nov 13, 2024

Authentication Bypass vulnerability in Hitachi Ops Center Common Services. This issue affects...
High | Unreviewed | CVE-2024-7125 was published Aug 27, 2024

Even if the authentication fails for local service authentication, the requested command could...
Critical | Unreviewed | CVE-2022-46732 was published Jan 18, 2023

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote...
Critical | Unreviewed | CVE-2024-11639 was published Dec 10, 2024

Nedap Librix Ecoreader is missing authentication for critical functions that could allow an ...
High | Unreviewed | CVE-2024-12757 was published Jan 17, 2025

The affected product lacks an authentication check when sending commands to the server via the...
High | Unreviewed | CVE-2024-9137 was published Oct 14, 2024

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint...
High | Unreviewed | CVE-2023-33247 was published May 26, 2023

The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing...
Critical | Unreviewed | CVE-2025-0456 was published Jan 16, 2025

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of...
High | Unreviewed | CVE-2023-31227 was published May 26, 2023

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver...
High | Unreviewed | CVE-2025-0355 was published Jan 15, 2025

A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8...
Critical | Unreviewed | CVE-2024-39273 was published Jan 14, 2025

An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000...
Moderate | Unreviewed | CVE-2024-39773 was published Jan 14, 2025

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8...
Critical | Unreviewed | CVE-2024-39608 was published Jan 14, 2025

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0...
High | Unreviewed | CVE-2024-35277 was published Jan 14, 2025

ProTip! Advisories are also available from the GraphQL API.