GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,360 advisories
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass...
Severity: Critical (Unreviewed). CVE-2023-38096 was published May 3, 2024

ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly...
Severity: High (Unreviewed). CVE-2024-4303 was published Apr 29, 2024

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Severity: Moderate. CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9...
Severity: High (Unreviewed). CVE-2024-4024 was published Apr 25, 2024

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Severity: Moderate (Unreviewed). CVE-2024-1347 was published Apr 25, 2024

Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows...
Severity: Critical (Unreviewed). CVE-2023-51484 was published Apr 25, 2024

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege...
Severity: Critical (Unreviewed). CVE-2023-51478 was published Apr 25, 2024

Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing...
Severity: Critical (Unreviewed). CVE-2023-51482 was published Apr 25, 2024

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege...
Severity: Critical (Unreviewed). CVE-2023-51472 was published Apr 24, 2024

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing...
Severity: High (Unreviewed). CVE-2023-51471 was published Apr 24, 2024

Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing...
Severity: Moderate (Unreviewed). CVE-2023-51405 was published Apr 24, 2024

Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing...
Severity: High (Unreviewed). CVE-2023-47504 was published Apr 24, 2024

Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing...
Severity: Critical (Unreviewed). CVE-2023-51477 was published Apr 24, 2024

Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site...
Severity: Moderate (Unreviewed). CVE-2023-25790 was published Apr 24, 2024

Keycloak vulnerable to impersonation via logout token exchange
Severity: Low. CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Keycloak vulnerable to session hijacking via re-authentication
Severity: Moderate. CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Keycloak secondary factor bypass in step-up authentication
Severity: Moderate. CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart...
Severity: Moderate (Unreviewed). CVE-2023-25493 was published Apr 5, 2024

There is a difficult to exploit improper authentication issue in the Home application for Esri...
Severity: High (Unreviewed). CVE-2024-25699 was published Apr 4, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Severity: Unknown (Unreviewed). CVE-2024-28012 was published Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Severity: Unknown (Unreviewed). CVE-2024-28009 was published Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Severity: Unknown (Unreviewed). CVE-2024-28006 was published Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Severity: Unknown (Unreviewed). CVE-2024-28007 was published Mar 28, 2024

REST service authentication anomaly with “valid username/no password” credential combination for...
Severity: Moderate (Unreviewed). CVE-2024-2244 was published Mar 27, 2024

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A...
Severity: Critical (Unreviewed). CVE-2024-2873 was published Mar 26, 2024
ProTip! Advisories are also available from the GraphQL API.