GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,292 advisories
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could...
Moderate
Unreviewed
CVE-2024-23806
was published
Feb 7, 2024
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating...
Moderate
Unreviewed
CVE-2023-39303
was published
Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary...
Moderate
Unreviewed
CVE-2023-50934
was published
Feb 2, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers...
Moderate
Unreviewed
CVE-2023-47256
was published
Feb 2, 2024
OctoPrint Unverified Password Change via Access Control Settings
Moderate
CVE-2024-23637
was published
for
OctoPrint
(pip)
Jan 31, 2024
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate
CVE-2020-15136
was published
for
go.etcd.io/etcd
(Go)
Jan 31, 2024
When adding attachments to ticket comments, another user can add attachments as well...
Moderate
Unreviewed
CVE-2024-23792
was published
Jan 29, 2024
A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4....
Moderate
Unreviewed
CVE-2024-0988
was published
Jan 29, 2024
Authentication bypass in vector-admin allows a user to register to a vector-admin server while ...
Moderate
Unreviewed
CVE-2024-0879
was published
Jan 25, 2024
The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS...
Moderate
Unreviewed
CVE-2024-23219
was published
Jan 23, 2024
An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate
Unreviewed
CVE-2023-42935
was published
Jan 23, 2024
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent...
Moderate
Unreviewed
CVE-2023-50127
was published
Jan 11, 2024
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This...
Moderate
Unreviewed
CVE-2023-7211
was published
Jan 7, 2024
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release...
Moderate
Unreviewed
CVE-2024-20803
was published
Jan 4, 2024
Arbitrary remote file read in Wrangler dev server
Moderate
CVE-2023-7079
was published
for
wrangler
(npm)
Jan 3, 2024
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows...
Moderate
Unreviewed
CVE-2023-31292
was published
Dec 29, 2023
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password...
Moderate
Unreviewed
CVE-2023-4641
was published
Dec 27, 2023
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the ...
Moderate
Unreviewed
CVE-2023-6155
was published
Dec 26, 2023
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated...
Moderate
Unreviewed
CVE-2023-49646
was published
Dec 14, 2023
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the...
Moderate
Unreviewed
CVE-2023-50430
was published
Dec 10, 2023
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical...
Moderate
Unreviewed
CVE-2023-42576
was published
Dec 5, 2023
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote...
Moderate
Unreviewed
CVE-2023-6353
was published
Nov 30, 2023
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to...
Moderate
Unreviewed
CVE-2023-6344
was published
Nov 30, 2023