Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,526 advisories

Loading
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows... High Unreviewed
CVE-2024-43685 was published Oct 4, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker... High Unreviewed
CVE-2024-47125 was published Sep 26, 2024
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. High Unreviewed
CVE-2024-41589 was published Oct 3, 2024
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to... Critical Unreviewed
CVE-2022-26136 was published Jul 21, 2022
PAM module may allow accessing with the credentials of another user High
CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024
3v1n0 didrocks
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6,... Moderate Unreviewed
CVE-2023-3362 was published Jul 13, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9... High Unreviewed
CVE-2024-4024 was published Apr 25, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions... Moderate Unreviewed
CVE-2024-1347 was published Apr 25, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation Critical
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation Critical
CVE-2024-47806 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated... High Unreviewed
CVE-2023-2759 was published Jul 17, 2023
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper... High Unreviewed
CVE-2023-31190 was published Jul 11, 2023
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7... High Unreviewed
CVE-2023-35874 was published Jul 11, 2023
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of... Moderate Unreviewed
CVE-2023-39215 was published Sep 12, 2023
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure... Moderate Unreviewed
CVE-2024-24698 was published Feb 14, 2024
python-kerberos vulnerable to KDC spoofing attacks Critical
CVE-2015-3206 was published for kerberos (pip) May 14, 2022
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN... High Unreviewed
CVE-2024-45750 was published Sep 25, 2024
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker... Moderate Unreviewed
CVE-2023-36926 was published Aug 8, 2023
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials Moderate
CVE-2024-45042 was published for github.com/ory/kratos (Go) Sep 26, 2024
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in... High Unreviewed
CVE-2023-27377 was published Oct 25, 2023
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. Critical Unreviewed
CVE-2024-47218 was published Sep 22, 2024
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account... Critical Unreviewed
CVE-2024-0002 was published Sep 23, 2024
Indy's NODE_UPGRADE transaction vulnerable to remote code execution Moderate
CVE-2022-31020 was published for indy-node (pip) Sep 2, 2022
shakreiner
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database