GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,134
Erlang: 30
GitHub Actions: 19
Go: 1,941
Maven: 5,000+
npm: 3,681
NuGet: 650
pip: 3,299
Pub: 11
RubyGems: 878
Rust: 830
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,251 advisories
CVE-2024-9947 (High, Unreviewed, published Oct 23, 2024): The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions...
CVE-2024-9927 (High, Unreviewed, published Oct 23, 2024): The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via...
CVE-2024-43685 (High, Unreviewed, published Oct 4, 2024): Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
CVE-2024-38139 (High, Unreviewed, published Oct 16, 2024): Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate...
CVE-2022-30550 (High, Unreviewed, published Jul 18, 2022): An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two...
CVE-2023-39380 (High, Unreviewed, published Aug 13, 2023): Permission control vulnerability in the audio module. Successful exploitation of this...
CVE-2021-41311 (High, Unreviewed, published Dec 9, 2021): Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an...
CVE-2021-41312 (High, Unreviewed, published May 24, 2022): Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had...
CVE-2024-45148 (High, Unreviewed, published Oct 10, 2024): Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an...
CVE-2024-47125 (High, Unreviewed, published Sep 26, 2024): The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
CVE-2024-41589 (High, Unreviewed, published Oct 3, 2024): DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
CVE-2024-4024 (High, Unreviewed, published Apr 25, 2024): An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9...
CVE-2023-2759 (High, Unreviewed, published Jul 17, 2023): A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated...
CVE-2023-31190 (High, Unreviewed, published Jul 11, 2023): DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper...
CVE-2023-35874 (High, Unreviewed, published Jul 11, 2023): SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7...
CVE-2024-45750 (High, Unreviewed, published Sep 25, 2024): An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN...
CVE-2023-27377 (High, Unreviewed, published Oct 25, 2023): Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in...
CVE-2024-39340 (High, Unreviewed, published Jul 12, 2024): Securepoint UTM before 12.6.5 mishandles OTP codes.
CVE-2023-42771 (High, Unreviewed, published Oct 3, 2023): Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310...
CVE-2024-25699 (High, Unreviewed, published Apr 4, 2024): There is a difficult to exploit improper authentication issue in the Home application for Esri...
CVE-2024-41929 (High, Unreviewed, published Sep 18, 2024): Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA...
CVE-2023-21841 (High, Unreviewed, published Jan 18, 2023): Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2021-45036 (High, Unreviewed, published Nov 28, 2022): Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victim's...
CVE-2024-45113 (High, Unreviewed, published Sep 13, 2024): ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication...
CVE-2023-45246 (High, Unreviewed, published Oct 6, 2023): Sensitive information disclosure and manipulation due to improper authentication. The following...
Advisories are also available from the GraphQL API.