GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,398 advisories
Filter by severity
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High
Unreviewed
CVE-2024-43685
was published
Oct 4, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High
Unreviewed
CVE-2024-47125
was published
Sep 26, 2024
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
High
Unreviewed
CVE-2024-41589
was published
Oct 3, 2024
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9...
High
Unreviewed
CVE-2024-4024
was published
Apr 25, 2024
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated...
High
Unreviewed
CVE-2023-2759
was published
Jul 17, 2023
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper...
High
Unreviewed
CVE-2023-31190
was published
Jul 11, 2023
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7...
High
Unreviewed
CVE-2023-35874
was published
Jul 11, 2023
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN...
High
Unreviewed
CVE-2024-45750
was published
Sep 25, 2024
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in...
High
Unreviewed
CVE-2023-27377
was published
Oct 25, 2023
Securepoint UTM before 12.6.5 mishandles OTP codes.
High
Unreviewed
CVE-2024-39340
was published
Jul 12, 2024
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Improper Authentication in Flask-AppBuilder
High
CVE-2021-41265
was published
for
Flask-AppBuilder
(pip)
Dec 9, 2021
Potential bypass of an upstream access control based on URL paths in Django
High
CVE-2021-44420
was published
for
Django
(pip)
Dec 9, 2021
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310...
High
Unreviewed
CVE-2023-42771
was published
Oct 3, 2023
There is a difficult to exploit improper authentication issue in the Home application for Esri...
High
Unreviewed
CVE-2024-25699
was published
Apr 4, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA...
High
Unreviewed
CVE-2024-41929
was published
Sep 18, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2023-21841
was published
Jan 18, 2023
Improper Authentication in django-mfa3
High
CVE-2022-24857
was published
for
django-mfa3
(pip)
Apr 22, 2022
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's...
High
Unreviewed
CVE-2021-45036
was published
Nov 28, 2022
HashiCorp Vault Authentication bypass
High
CVE-2020-16251
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
crate
(Maven)
Jan 30, 2024
botframework-connector vulnerable to Improper Authentication
High
GHSA-cqff-fx2x-p86v
was published
for
botframework-connector
(pip)
Mar 8, 2021
ProTip!
Advisories are also available from the
GraphQL API