Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

992 advisories

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows... Moderate Unreviewed
CVE-2023-51511 was published Jun 4, 2024
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing... Moderate Unreviewed
CVE-2023-48747 was published Jun 4, 2024
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing... Moderate Unreviewed
CVE-2023-47189 was published Jun 4, 2024
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version... Moderate Unreviewed
CVE-2024-4601 was published May 7, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions... Moderate Unreviewed
CVE-2024-1347 was published Apr 25, 2024
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site... Moderate Unreviewed
CVE-2023-25790 was published Apr 24, 2024
Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing... Moderate Unreviewed
CVE-2023-51405 was published Apr 24, 2024
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart... Moderate Unreviewed
CVE-2023-25493 was published Apr 5, 2024
REST service authentication anomaly with “valid username/no password” credential combination for... Moderate Unreviewed
CVE-2024-2244 was published Mar 27, 2024
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue... Moderate Unreviewed
CVE-2022-44595 was published Mar 21, 2024
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a... Moderate Unreviewed
CVE-2023-46172 was published Mar 7, 2024
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an... Moderate Unreviewed
CVE-2024-20301 was published Mar 6, 2024
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication... Moderate Unreviewed
CVE-2023-38372 was published Feb 29, 2024
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office... Moderate Unreviewed
CVE-2024-22395 was published Feb 24, 2024
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a... Moderate Unreviewed
CVE-2023-52160 was published Feb 22, 2024
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure... Moderate Unreviewed
CVE-2024-24698 was published Feb 14, 2024
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could... Moderate Unreviewed
CVE-2024-23806 was published Feb 7, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2023-39303 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary... Moderate Unreviewed
CVE-2023-50934 was published Feb 2, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers... Moderate Unreviewed
CVE-2023-47256 was published Feb 2, 2024
When adding attachments to ticket comments, another user can add attachments as well... Moderate Unreviewed
CVE-2024-23792 was published Jan 29, 2024
A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4.... Moderate Unreviewed
CVE-2024-0988 was published Jan 29, 2024
Authentication bypass in vector-admin allows a user to register to a vector-admin server while ... Moderate Unreviewed
CVE-2024-0879 was published Jan 25, 2024
The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS... Moderate Unreviewed
CVE-2024-23219 was published Jan 23, 2024
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent... Moderate Unreviewed
CVE-2023-50127 was published Jan 11, 2024
ProTip! Advisories are also available from the GraphQL API