GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
828 advisories
CasaOS contains weak JWT secrets
Critical. CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go), Jul 17, 2023

SonicWall GMS and Analytics CAS Web Services application use static values for authentication...
Critical (Unreviewed). CVE-2023-34137 was published Jul 13, 2023

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,...
Critical (Unreviewed). CVE-2023-34124 was published Jul 13, 2023

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows...
Critical (Unreviewed). CVE-2023-33274 was published Jul 12, 2023

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR...
Critical (Unreviewed). CVE-2023-3127 was published Jul 12, 2023

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is...
Critical (Unreviewed). CVE-2023-30603 was published Jul 6, 2023

Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even...
Critical (Unreviewed). CVE-2023-3028 was published Jul 6, 2023

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC...
Critical (Unreviewed). CVE-2023-32347 was published Jul 6, 2023

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker...
Critical (Unreviewed). CVE-2023-2586 was published Jul 6, 2023

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows...
Critical (Unreviewed). CVE-2023-32243 was published Jul 6, 2023

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege...
Critical (Unreviewed). CVE-2023-30869 was published Jul 6, 2023

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). ...
Critical (Unreviewed). CVE-2023-1617 was published Jul 6, 2023

An authentication vulnerability was discovered in Jira Service Management Server and Data Center...
Critical (Unreviewed). CVE-2023-22501 was published Jul 6, 2023

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security...
Critical (Unreviewed). CVE-2022-4693 was published Jul 6, 2023

Improper configuration of RBAC permissions obtaining cluster control permissions
Critical. CVE-2023-33190 was published for github.com/labring/sealos (Go), Jun 30, 2023

D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via...
Critical (Unreviewed). CVE-2023-32222 was published Jun 28, 2023

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket...
Critical (Unreviewed). CVE-2023-3326 was published Jun 22, 2023

Apache Accumulo Improper Authentication vulnerability
Critical. CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven), Jun 21, 2023

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this...
Critical (Unreviewed). CVE-2023-30762 was published Jun 13, 2023

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3...
Critical (Unreviewed). CVE-2023-29129 was published Jun 13, 2023

Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
Critical (Unreviewed). CVE-2023-32220 was published Jun 12, 2023

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication...
Critical (Unreviewed). CVE-2023-33553 was published Jun 7, 2023

Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows...
Critical (Unreviewed). CVE-2023-3065 was published Jun 5, 2023

Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products...
Critical (Unreviewed). CVE-2023-27388 was published May 23, 2023

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical (Unreviewed). CVE-2023-2499 was published May 16, 2023
ProTip! Advisories are also available from the GraphQL API