Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,369 advisories

An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication... Moderate Unreviewed
CVE-2023-38372 was published Feb 29, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID Critical
CVE-2024-25128 was published for Flask-AppBuilder (pip) Feb 28, 2024
parantheses dpgaspar
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office... Moderate Unreviewed
CVE-2024-22395 was published Feb 24, 2024
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and... High Unreviewed
CVE-2024-1817 was published Feb 23, 2024
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a... Moderate Unreviewed
CVE-2023-52160 was published Feb 22, 2024
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD)... High Unreviewed
CVE-2023-52161 was published Feb 22, 2024
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware... Critical Unreviewed
CVE-2024-22245 was published Feb 20, 2024
IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an... High Unreviewed
CVE-2022-41738 was published Feb 17, 2024
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local... High Unreviewed
CVE-2022-41737 was published Feb 17, 2024
Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication... Critical Unreviewed
CVE-2024-20738 was published Feb 15, 2024
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of... High Unreviewed
CVE-2024-0568 was published Feb 14, 2024
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure... Moderate Unreviewed
CVE-2024-24698 was published Feb 14, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21410 was published Feb 13, 2024
A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of... High Unreviewed
CVE-2024-23813 was published Feb 13, 2024
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username... High Unreviewed
CVE-2024-25313 was published Feb 9, 2024
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with... High Unreviewed
CVE-2023-51761 was published Feb 9, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the... Critical Unreviewed
CVE-2024-24496 was published Feb 8, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature... Critical Unreviewed
CVE-2024-22394 was published Feb 8, 2024
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could... Moderate Unreviewed
CVE-2024-23806 was published Feb 7, 2024
Apache Ozone Improper Authentication vulnerability Moderate
CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) Feb 7, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2023-39303 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary... Moderate Unreviewed
CVE-2023-50934 was published Feb 2, 2024
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if... Critical Unreviewed
CVE-2024-1039 was published Feb 2, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers... Moderate Unreviewed
CVE-2023-47256 was published Feb 2, 2024
Improper Authentication in HashiCorp Vault High
CVE-2021-3282 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
ProTip! Advisories are also available from the GraphQL API