GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,369 advisories
Filter by severity
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication...
Moderate
Unreviewed
CVE-2023-38372
was published
Feb 29, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office...
Moderate
Unreviewed
CVE-2024-22395
was published
Feb 24, 2024
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and...
High
Unreviewed
CVE-2024-1817
was published
Feb 23, 2024
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a...
Moderate
Unreviewed
CVE-2023-52160
was published
Feb 22, 2024
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD)...
High
Unreviewed
CVE-2023-52161
was published
Feb 22, 2024
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware...
Critical
Unreviewed
CVE-2024-22245
was published
Feb 20, 2024
IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an...
High
Unreviewed
CVE-2022-41738
was published
Feb 17, 2024
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local...
High
Unreviewed
CVE-2022-41737
was published
Feb 17, 2024
Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication...
Critical
Unreviewed
CVE-2024-20738
was published
Feb 15, 2024
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering
of...
High
Unreviewed
CVE-2024-0568
was published
Feb 14, 2024
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure...
Moderate
Unreviewed
CVE-2024-24698
was published
Feb 14, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-21410
was published
Feb 13, 2024
A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of...
High
Unreviewed
CVE-2024-23813
was published
Feb 13, 2024
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username...
High
Unreviewed
CVE-2024-25313
was published
Feb 9, 2024
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with...
High
Unreviewed
CVE-2023-51761
was published
Feb 9, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the...
Critical
Unreviewed
CVE-2024-24496
was published
Feb 8, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature...
Critical
Unreviewed
CVE-2024-22394
was published
Feb 8, 2024
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could...
Moderate
Unreviewed
CVE-2024-23806
was published
Feb 7, 2024
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating...
Moderate
Unreviewed
CVE-2023-39303
was published
Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary...
Moderate
Unreviewed
CVE-2023-50934
was published
Feb 2, 2024
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical
Unreviewed
CVE-2024-1039
was published
Feb 2, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers...
Moderate
Unreviewed
CVE-2023-47256
was published
Feb 2, 2024
Improper Authentication in HashiCorp Vault
High
CVE-2021-3282
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
ProTip!
Advisories are also available from the
GraphQL API