Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

828 advisories

Loading
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows... Critical Unreviewed
CVE-2023-42531 was published Nov 13, 2023
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest... Critical Unreviewed
CVE-2023-4612 was published Nov 9, 2023
Under a very specific and highly unrecommended configuration, authentication bypass is possible... Critical Unreviewed
CVE-2023-37283 was published Oct 25, 2023
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier... Critical Unreviewed
CVE-2023-26573 was published Oct 25, 2023
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main... Critical Unreviewed
CVE-2023-4562 was published Oct 13, 2023
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325... Critical Unreviewed
CVE-2023-24479 was published Oct 11, 2023
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN... Critical Unreviewed
CVE-2023-20252 was published Sep 27, 2023
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at... Critical Unreviewed
CVE-2023-0773 was published Sep 19, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in... Critical Unreviewed
CVE-2023-4669 was published Sep 14, 2023
User authentication with username and password credentials is ineffective in OpenText (Micro... Critical Unreviewed
CVE-2023-4501 was published Sep 12, 2023
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to... Critical Unreviewed
CVE-2023-39069 was published Sep 12, 2023
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to... Critical Unreviewed
CVE-2021-27715 was published Sep 8, 2023
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application... Critical Unreviewed
CVE-2023-20238 was published Sep 6, 2023
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation... Critical Unreviewed
CVE-2023-31242 was published Sep 5, 2023
Inadequate validation of permissions when employing remote tools and macros within Devolutions... Critical Unreviewed
CVE-2023-4373 was published Aug 21, 2023
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. Critical Unreviewed
CVE-2023-39846 was published Aug 17, 2023
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users... Critical Unreviewed
CVE-2023-35082 was published Aug 15, 2023
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication)... Critical Unreviewed
CVE-2023-40260 was published Aug 11, 2023
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0,... Critical Unreviewed
CVE-2023-40253 was published Aug 11, 2023
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default... Critical Unreviewed
CVE-2023-32090 was published Aug 7, 2023
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage... Critical Unreviewed
CVE-2023-20214 was published Aug 4, 2023
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an... Critical Unreviewed
CVE-2023-1935 was published Aug 3, 2023
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote... Critical Unreviewed
CVE-2023-35078 was published Jul 25, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process Critical
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jul 20, 2023
atorralba sylwia-budzynska
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web... Critical Unreviewed
CVE-2023-3638 was published Jul 19, 2023
ProTip! Advisories are also available from the GraphQL API