GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,526 advisories
Filter by severity
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High
Unreviewed
CVE-2024-43685
was published
Oct 4, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High
Unreviewed
CVE-2024-47125
was published
Sep 26, 2024
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
High
Unreviewed
CVE-2024-41589
was published
Oct 3, 2024
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to...
Critical
Unreviewed
CVE-2022-26136
was published
Jul 21, 2022
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6,...
Moderate
Unreviewed
CVE-2023-3362
was published
Jul 13, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9...
High
Unreviewed
CVE-2024-4024
was published
Apr 25, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated...
High
Unreviewed
CVE-2023-2759
was published
Jul 17, 2023
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper...
High
Unreviewed
CVE-2023-31190
was published
Jul 11, 2023
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7...
High
Unreviewed
CVE-2023-35874
was published
Jul 11, 2023
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of...
Moderate
Unreviewed
CVE-2023-39215
was published
Sep 12, 2023
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure...
Moderate
Unreviewed
CVE-2024-24698
was published
Feb 14, 2024
python-kerberos vulnerable to KDC spoofing attacks
Critical
CVE-2015-3206
was published
for
kerberos
(pip)
May 14, 2022
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN...
High
Unreviewed
CVE-2024-45750
was published
Sep 25, 2024
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker...
Moderate
Unreviewed
CVE-2023-36926
was published
Aug 8, 2023
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
CVE-2024-45042
was published
for
github.com/ory/kratos
(Go)
Sep 26, 2024
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in...
High
Unreviewed
CVE-2023-27377
was published
Oct 25, 2023
Synapse has improper checks for deactivated users during login
Moderate
CVE-2023-32682
was published
for
matrix-synapse
(pip)
Jun 6, 2023
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.
Critical
Unreviewed
CVE-2024-47218
was published
Sep 22, 2024
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account...
Critical
Unreviewed
CVE-2024-0002
was published
Sep 23, 2024
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
Moderate
CVE-2022-31020
was published
for
indy-node
(pip)
Sep 2, 2022
ProTip!
Advisories are also available from the
GraphQL API