GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
1,360 advisories
Bentley eB System Management Console applications within Assetwise Integrity Information Server...
High | Unreviewed | CVE-2023-51708 was published Dec 22, 2023

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed...
High | Unreviewed | CVE-2023-6847 was published Dec 21, 2023

Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
High | CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023

Authentication bypass vulnerability in navidrome's subsonic endpoint
High | CVE-2023-51442 was published for github.com/navidrome/navidrome (Go) Dec 19, 2023

** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet...
High | Unreviewed | CVE-2023-44252 was published Dec 13, 2023

Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue...
High | Unreviewed | CVE-2023-45801 was published Dec 13, 2023

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2...
High | Unreviewed | CVE-2023-36648 was published Dec 12, 2023

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate...
High | Unreviewed | CVE-2023-45866 was published Dec 8, 2023

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass...
High | Unreviewed | CVE-2023-6514 was published Dec 6, 2023

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated...
High | Unreviewed | CVE-2023-5970 was published Dec 5, 2023

An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows...
High | Unreviewed | CVE-2023-47304 was published Dec 5, 2023

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.
High | Unreviewed | CVE-2023-33070 was published Dec 5, 2023

Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows...
High | Unreviewed | CVE-2023-5808 was published Dec 5, 2023

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote...
High | Unreviewed | CVE-2023-44302 was published Dec 4, 2023

An improper authentication vulnerability in the authentication module of the Zyxel NAS326...
High | Unreviewed | CVE-2023-35137 was published Nov 30, 2023

Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High | CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote...
High | Unreviewed | CVE-2023-41999 was published Nov 27, 2023

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can...
High | Unreviewed | CVE-2023-4677 was published Nov 23, 2023

Memory Corruption in Core due to secure memory access by user while loading modem image.
High | Unreviewed | CVE-2023-24852 was published Nov 14, 2023

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any...
High | Unreviewed | CVE-2023-29975 was published Nov 10, 2023

A locally authenticated attacker with low privileges can bypass authentication due to insecure...
High | Unreviewed | CVE-2022-44569 was published Nov 3, 2023

Unauthorized Access to Private Fields in User Registration API
High | CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism...
High | Unreviewed | CVE-2023-5627 was published Nov 1, 2023

A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This...
High | Unreviewed | CVE-2023-5830 was published Oct 27, 2023

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal...
High | Unreviewed | CVE-2023-35794 was published Oct 27, 2023
ProTip! Advisories are also available from the GraphQL API.