Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,526 advisories

Loading
Securepoint UTM before 12.6.5 mishandles OTP codes. High Unreviewed
CVE-2024-39340 was published Jul 12, 2024
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Flower OAuth authentication bypass High
CVE-2022-30034 was published for flower (pip) Jun 3, 2022
tprynn
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Django Rest Framework jwt allows obtaining new token from notionally invalidated token Critical
CVE-2020-10594 was published for drf-jwt (pip) Jun 5, 2020
Potential bypass of an upstream access control based on URL paths in Django High
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated... Moderate Unreviewed
CVE-2023-49646 was published Dec 14, 2023
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310... High Unreviewed
CVE-2023-42771 was published Oct 3, 2023
There is a difficult to exploit improper authentication issue in the Home application for Esri... High Unreviewed
CVE-2024-25699 was published Apr 4, 2024
Lunary Improper Authentication vulnerability Moderate
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit Moderate
CVE-2024-8642 was published for org.eclipse.edc:transfer-data-plane (Maven) Sep 11, 2024
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation... Moderate Unreviewed
CVE-2023-43582 was published Nov 15, 2023
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
An authentication issue was addressed with improved state management. This issue is fixed in iOS... Moderate Unreviewed
CVE-2024-44202 was published Sep 17, 2024
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and... Moderate Unreviewed
CVE-2024-44127 was published Sep 17, 2024
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An... Critical Unreviewed
CVE-2024-34399 was published Sep 18, 2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA... High Unreviewed
CVE-2024-41929 was published Sep 18, 2024
Django Middleware Enables Session Hijacking Moderate
CVE-2014-0482 was published for Django (pip) May 14, 2022
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication... Critical Unreviewed
CVE-2024-8956 was published Sep 17, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21841 was published Jan 18, 2023
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Improper Authentication in django-mfa3 High
CVE-2022-24857 was published for django-mfa3 (pip) Apr 22, 2022
stefanw
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is... Moderate Unreviewed
CVE-2023-40660 was published Nov 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database