Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

783 advisories

Loading
An authentication bypass vulnerability has been identified in Foreman when deployed with External... Critical Unreviewed
CVE-2024-7012 was published Sep 4, 2024
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless... Critical Unreviewed
CVE-2024-50478 was published Oct 28, 2024
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which... Critical Unreviewed
CVE-2024-7763 was published Oct 24, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2020-36832 was published Oct 16, 2024
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is... Critical Unreviewed
CVE-2023-30603 was published Jul 6, 2023
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the... Critical Unreviewed
CVE-2023-36655 was published Dec 6, 2023
The authentication mechanism can be bypassed by overflowing the value of the Cookie ... Critical Unreviewed
CVE-2023-49262 was published Jan 12, 2024
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest... Critical Unreviewed
CVE-2023-4612 was published Nov 9, 2023
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an... Critical Unreviewed
CVE-2024-45115 was published Oct 10, 2024
Windows Netlogon Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-38124 was published Oct 8, 2024
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only... Critical Unreviewed
CVE-2024-41798 was published Oct 8, 2024
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to... Critical Unreviewed
CVE-2022-26136 was published Jul 21, 2022
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. Critical Unreviewed
CVE-2024-47218 was published Sep 22, 2024
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account... Critical Unreviewed
CVE-2024-0002 was published Sep 23, 2024
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An... Critical Unreviewed
CVE-2024-34399 was published Sep 18, 2024
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication... Critical Unreviewed
CVE-2024-8956 was published Sep 17, 2024
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product.... Critical Unreviewed
CVE-2024-45823 was published Sep 12, 2024
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. Critical Unreviewed
CVE-2023-37226 was published Sep 10, 2024
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. Critical Unreviewed
CVE-2024-22441 was published Jun 13, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with... Critical Unreviewed
CVE-2024-7923 was published Sep 4, 2024
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024... Critical Unreviewed
CVE-2024-6057 was published Jun 17, 2024
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows... Critical Unreviewed
CVE-2024-42462 was published Aug 16, 2024
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,... Critical Unreviewed
CVE-2024-28012 was published Mar 28, 2024
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator... Critical Unreviewed
CVE-2024-7746 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database