Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,251 advisories

Loading
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions... High Unreviewed
CVE-2024-9947 was published Oct 23, 2024
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via... High Unreviewed
CVE-2024-9927 was published Oct 23, 2024
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows... High Unreviewed
CVE-2024-43685 was published Oct 4, 2024
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate... High Unreviewed
CVE-2024-38139 was published Oct 16, 2024
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two... High Unreviewed
CVE-2022-30550 was published Jul 18, 2022
Permission control vulnerability in the audio module. Successful exploitation of this... High Unreviewed
CVE-2023-39380 was published Aug 13, 2023
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an... High Unreviewed
CVE-2021-41311 was published Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had... High Unreviewed
CVE-2021-41312 was published May 24, 2022
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an... High Unreviewed
CVE-2024-45148 was published Oct 10, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker... High Unreviewed
CVE-2024-47125 was published Sep 26, 2024
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. High Unreviewed
CVE-2024-41589 was published Oct 3, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9... High Unreviewed
CVE-2024-4024 was published Apr 25, 2024
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated... High Unreviewed
CVE-2023-2759 was published Jul 17, 2023
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper... High Unreviewed
CVE-2023-31190 was published Jul 11, 2023
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7... High Unreviewed
CVE-2023-35874 was published Jul 11, 2023
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN... High Unreviewed
CVE-2024-45750 was published Sep 25, 2024
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in... High Unreviewed
CVE-2023-27377 was published Oct 25, 2023
Securepoint UTM before 12.6.5 mishandles OTP codes. High Unreviewed
CVE-2024-39340 was published Jul 12, 2024
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310... High Unreviewed
CVE-2023-42771 was published Oct 3, 2023
There is a difficult to exploit improper authentication issue in the Home application for Esri... High Unreviewed
CVE-2024-25699 was published Apr 4, 2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA... High Unreviewed
CVE-2024-41929 was published Sep 18, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21841 was published Jan 18, 2023
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's... High Unreviewed
CVE-2021-45036 was published Nov 28, 2022
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication... High Unreviewed
CVE-2024-45113 was published Sep 13, 2024
Sensitive information disclosure and manipulation due to improper authentication. The following... High Unreviewed
CVE-2023-45246 was published Oct 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database