GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,130 advisories
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a...
Moderate | Unreviewed | CVE-2023-52160 was published Feb 22, 2024

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure...
Moderate | Unreviewed | CVE-2024-24698 was published Feb 14, 2024

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could...
Moderate | Unreviewed | CVE-2024-23806 was published Feb 7, 2024

Apache Ozone Improper Authentication vulnerability
Moderate | CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) Feb 7, 2024

An improper authentication vulnerability has been reported to affect several QNAP operating...
Moderate | Unreviewed | CVE-2023-39303 was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary...
Moderate | Unreviewed | CVE-2023-50934 was published Feb 2, 2024

ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers...
Moderate | Unreviewed | CVE-2023-47256 was published Feb 2, 2024

OctoPrint Unverified Password Change via Access Control Settings
Moderate | CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate | CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024

Authentik vulnerable to PKCE downgrade attack
Moderate | CVE-2024-23647 was published for goauthentik.io (Go) Jan 29, 2024

When adding attachments to ticket comments, another user can add attachments as well...
Moderate | Unreviewed | CVE-2024-23792 was published Jan 29, 2024

A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4....
Moderate | Unreviewed | CVE-2024-0988 was published Jan 29, 2024

Authentication bypass in vector-admin allows a user to register to a vector-admin server while ...
Moderate | Unreviewed | CVE-2024-0879 was published Jan 25, 2024

The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS...
Moderate | Unreviewed | CVE-2024-23219 was published Jan 23, 2024

Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent...
Moderate | Unreviewed | CVE-2023-50127 was published Jan 11, 2024

A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This...
Moderate | Unreviewed | CVE-2023-7211 was published Jan 7, 2024

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release...
Moderate | Unreviewed | CVE-2024-20803 was published Jan 4, 2024

Arbitrary remote file read in Wrangler dev server
Moderate | CVE-2023-7079 was published for wrangler (npm) Jan 3, 2024

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows...
Moderate | Unreviewed | CVE-2023-31292 was published Dec 29, 2023

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password...
Moderate | Unreviewed | CVE-2023-4641 was published Dec 27, 2023

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the ...
Moderate | Unreviewed | CVE-2023-6155 was published Dec 26, 2023

yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate | CVE-2023-50714 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated...
Moderate | Unreviewed | CVE-2023-49646 was published Dec 14, 2023

The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the...
Moderate | Unreviewed | CVE-2023-50430 was published Dec 10, 2023

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical...
Moderate | Unreviewed | CVE-2023-42576 was published Dec 5, 2023
ProTip! Advisories are also available from the GraphQL API.