GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
208 advisories
Filter by severity
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System ...
Moderate
Unreviewed
CVE-2024-20363
was published
May 22, 2024
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows...
Moderate
Unreviewed
CVE-2024-32786
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality...
Low
Unreviewed
CVE-2024-32708
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows...
Moderate
Unreviewed
CVE-2024-32827
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows...
Moderate
Unreviewed
CVE-2024-33917
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality...
Moderate
Unreviewed
CVE-2024-21746
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows...
Low
Unreviewed
CVE-2024-22139
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows...
Moderate
Unreviewed
CVE-2024-30479
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter...
Moderate
Unreviewed
CVE-2024-30522
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows...
Moderate
Unreviewed
CVE-2024-25595
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows...
Moderate
Unreviewed
CVE-2024-25906
was published
May 17, 2024
Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows...
Low
Unreviewed
CVE-2024-30480
was published
May 17, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This...
Moderate
Unreviewed
CVE-2023-50224
was published
May 3, 2024
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This...
Moderate
Unreviewed
CVE-2023-44447
was published
May 3, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode
High
CVE-2024-27349
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate
CVE-2024-31863
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions),...
Moderate
Unreviewed
CVE-2024-30189
was published
Apr 9, 2024
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748...
Moderate
Unreviewed
CVE-2024-30190
was published
Apr 9, 2024
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748...
High
Unreviewed
CVE-2024-30191
was published
Apr 9, 2024
Ollama DNS rebinding vulnerability
High
CVE-2024-28224
was published
for
github.com/ollama/ollama
(Go)
Apr 8, 2024
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it...
Unknown
Unreviewed
CVE-2024-29006
was published
Apr 4, 2024
in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification...
High
Unreviewed
CVE-2024-22092
was published
Apr 2, 2024
ProTip!
Advisories are also available from the
GraphQL API