Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,906
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

40 advisories

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function Critical Unreviewed
CVE-2024-36388 was published Jun 2, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an... High Unreviewed
CVE-2024-20378 was published May 1, 2024
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows... Critical Unreviewed
CVE-2023-6153 was published Mar 27, 2024
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication... Critical Unreviewed
CVE-2024-1202 was published Mar 21, 2024
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security... Critical Unreviewed
CVE-2023-7103 was published Mar 5, 2024
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all... Critical Unreviewed
CVE-2024-1403 was published Feb 27, 2024
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and... Moderate Unreviewed
CVE-2023-4939 was published Oct 21, 2023
NATS.io: Adding accounts for just the system account adds auth bypass High
CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) Oct 19, 2023
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior... High Unreviewed
CVE-2023-4898 was published Sep 12, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn... Moderate Unreviewed
CVE-2023-4498 was published Sep 6, 2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an... Critical Unreviewed
CVE-2023-1935 was published Aug 3, 2023
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS... High Unreviewed
CVE-2023-2959 was published Jul 17, 2023
SonicWall GMS and Analytics CAS Web Services application use static values for authentication... Critical Unreviewed
CVE-2023-34137 was published Jul 13, 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,... Critical Unreviewed
CVE-2023-34124 was published Jul 13, 2023
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could... Moderate Unreviewed
CVE-2023-28126 was published May 10, 2023
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID... Moderate Unreviewed
CVE-2022-40723 was published Apr 25, 2023
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router... Critical Unreviewed
CVE-2023-1833 was published Apr 14, 2023
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature... Critical Unreviewed
CVE-2023-27536 was published Mar 30, 2023
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously... Moderate Unreviewed
CVE-2023-27538 was published Mar 30, 2023
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse... High Unreviewed
CVE-2023-27535 was published Mar 30, 2023
Froxlor is vulnerable to authentication bypass Critical
CVE-2023-1307 was published for froxlor/froxlor (Composer) Mar 10, 2023
Authentication Bypass in modoboa Critical
CVE-2023-0777 was published for modoboa (pip) Feb 10, 2023
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass... Moderate Unreviewed
CVE-2022-3100 was published Jan 18, 2023
ProTip! Advisories are also available from the GraphQL API