GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,401 advisories
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via...
High | Unreviewed | CVE-2024-9927 was published Oct 23, 2024

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate...
High | Unreviewed | CVE-2024-38139 was published Oct 16, 2024

Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High | CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an...
High | Unreviewed | CVE-2024-45148 was published Oct 10, 2024

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High | Unreviewed | CVE-2024-43685 was published Oct 4, 2024

DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
High | Unreviewed | CVE-2024-41589 was published Oct 3, 2024

PAM module may allow accessing with the credentials of another user
High | CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024

The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High | Unreviewed | CVE-2024-47125 was published Sep 26, 2024

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN...
High | Unreviewed | CVE-2024-45750 was published Sep 25, 2024

Mautic vulnerable to Improper Access Control in UI upgrade process
High | CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024

Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA...
High | Unreviewed | CVE-2024-41929 was published Sep 18, 2024

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication...
High | Unreviewed | CVE-2024-45113 was published Sep 13, 2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-38225 was published Sep 10, 2024

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam...
High | Unreviewed | CVE-2024-40713 was published Sep 7, 2024

Host name validation for TLS certificates is bypassed when the installed OpenEdge default...
High | Unreviewed | CVE-2024-7346 was published Sep 3, 2024

Flowise Authentication Bypass vulnerability
High | CVE-2024-8181 was published for flowise (npm) Aug 27, 2024

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient...
High | Unreviewed | CVE-2024-7401 was published Aug 26, 2024

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker...
High | Unreviewed | CVE-2024-36444 was published Aug 22, 2024

Servision - CWE-287: Improper Authentication
High | Unreviewed | CVE-2024-42336 was published Aug 20, 2024

CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product,...
High | Unreviewed | CVE-2024-6078 was published Aug 14, 2024

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote...
High | Unreviewed | CVE-2024-36132 was published Aug 7, 2024

RobotsAndPencils go-saml authentication bypass vulnerability
High | CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow...
High | Unreviewed | CVE-2019-6198 was published Jul 31, 2024

A command injection vulnerability could allow an authenticated user to execute operating system...
High | Unreviewed | CVE-2022-4002 was published Jul 31, 2024

An authentication bypass vulnerability could allow an attacker to access API functions without...
High | Unreviewed | CVE-2022-4001 was published Jul 31, 2024
ProTip! Advisories are also available from the GraphQL API.