Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310... High Unreviewed
CVE-2023-42771 was published Oct 3, 2023
An authentication bypass weakness in the message broker service of Ivanti Workspace Control... High Unreviewed
CVE-2024-8012 was published Sep 10, 2024
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive... High Unreviewed
CVE-2023-46319 was published Oct 23, 2023
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass... Critical Unreviewed
CVE-2024-8277 was published Sep 11, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel Critical Unreviewed
CVE-2024-38437 was published Jul 21, 2024
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an... Critical Unreviewed
CVE-2023-49231 was published Mar 29, 2024
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication... High Unreviewed
CVE-2024-41173 was published Aug 27, 2024
Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects... High Unreviewed
CVE-2024-7125 was published Aug 27, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed
CVE-2024-7007 was published Jul 25, 2024
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management... Critical Unreviewed
CVE-2024-2055 was published Mar 5, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive... Moderate Unreviewed
CVE-2024-35151 was published Aug 22, 2024
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00... High Unreviewed
CVE-2024-35124 was published Aug 13, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This... Critical Unreviewed
CVE-2024-28200 was published Jul 1, 2024
A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for... High Unreviewed
CVE-2024-35214 was published Aug 20, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway... Critical Unreviewed
CVE-2024-2013 was published Jun 11, 2024
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-7628 was published Aug 15, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2024-7503 was published Aug 12, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom... Critical Unreviewed
CVE-2024-6684 was published Aug 12, 2024
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for... Critical Unreviewed
CVE-2024-7350 was published Aug 8, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive... High Unreviewed
CVE-2024-31916 was published Jun 27, 2024
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the... High Unreviewed
CVE-2024-26566 was published Mar 7, 2024
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote... Critical Unreviewed
CVE-2020-10148 was published May 24, 2022
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login... High Unreviewed
CVE-2024-31814 was published Apr 8, 2024
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus... High Unreviewed
CVE-2022-47578 was published Dec 20, 2022
ProTip! Advisories are also available from the GraphQL API