GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,402 advisories
An authentication bypass vulnerability could allow an attacker to access API functions without...
High | Unreviewed | CVE-2022-4001 was published Jul 31, 2024

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow...
High | Unreviewed | CVE-2019-6197 was published Jul 31, 2024

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to...
High | Unreviewed | CVE-2024-6576 was published Jul 29, 2024

Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi...
High | Unreviewed | CVE-2024-7050 was published Jul 26, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High | Unreviewed | CVE-2024-28992 was published Jul 17, 2024

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass...
High | Unreviewed | CVE-2024-23465 was published Jul 17, 2024

Securepoint UTM before 12.6.5 mishandles OTP codes.
High | Unreviewed | CVE-2024-39340 was published Jul 12, 2024

Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when...
High | Unreviewed | CVE-2024-39830 was published Jul 3, 2024

In versions of Akana prior to and including 2022.1.3, validation is broken when using...
High | Unreviewed | CVE-2024-3826 was published Jul 2, 2024

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass...
High | Unreviewed | CVE-2024-34596 was published Jul 2, 2024

An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol...
High | Unreviewed | CVE-2024-23767 was published Jun 26, 2024

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication...
High | Unreviewed | CVE-2024-5012 was published Jun 25, 2024

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to...
High | Unreviewed | CVE-2024-5806 was published Jun 25, 2024

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High | CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an...
High | Unreviewed | CVE-2024-27275 was published Jun 15, 2024

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12....
High | Unreviewed | CVE-2024-37367 was published Jun 14, 2024

Magento Open Source Improper Authentication vulnerability
High | CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-35248 was published Jun 11, 2024

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be...
High | Unreviewed | CVE-2024-37408 was published Jun 8, 2024

ZendOpenID potential security issue in login mechanism
High | GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024

Zendframework potential security issue in login mechanism
High | GHSA-9v78-h226-2rmq was published for zendframework/zendframework1 (Composer) Jun 7, 2024

TYPO3 Security Misconfiguration for Backend User Accounts
High | GHSA-c5mj-39cf-3pp5 was published for typo3/cms (Composer) Jun 7, 2024

A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical....
High | Unreviewed | CVE-2024-5732 was published Jun 7, 2024

Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing...
High | Unreviewed | CVE-2023-46630 was published Jun 4, 2024

TYPO3 Security Misconfiguration for Backend User Accounts
High | GHSA-rxc9-f2x6-qh4w was published for typo3/cms-core (Composer) May 30, 2024