Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

828 advisories

Loading
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
SonicWall GMS and Analytics CAS Web Services application use static values for authentication... Critical Unreviewed
CVE-2023-34137 was published Jul 13, 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,... Critical Unreviewed
CVE-2023-34124 was published Jul 13, 2023
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows... Critical Unreviewed
CVE-2023-33274 was published Jul 12, 2023
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR... Critical Unreviewed
CVE-2023-3127 was published Jul 12, 2023
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is... Critical Unreviewed
CVE-2023-30603 was published Jul 6, 2023
Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even... Critical Unreviewed
CVE-2023-3028 was published Jul 6, 2023
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC... Critical Unreviewed
CVE-2023-32347 was published Jul 6, 2023
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker... Critical Unreviewed
CVE-2023-2586 was published Jul 6, 2023
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows... Critical Unreviewed
CVE-2023-32243 was published Jul 6, 2023
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege... Critical Unreviewed
CVE-2023-30869 was published Jul 6, 2023
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). ... Critical Unreviewed
CVE-2023-1617 was published Jul 6, 2023
An authentication vulnerability was discovered in Jira Service Management Server and Data Center... Critical Unreviewed
CVE-2023-22501 was published Jul 6, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security... Critical Unreviewed
CVE-2022-4693 was published Jul 6, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions Critical
CVE-2023-33190 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via... Critical Unreviewed
CVE-2023-32222 was published Jun 28, 2023
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket... Critical Unreviewed
CVE-2023-3326 was published Jun 22, 2023
Apache Accumulo Improper Authentication vulnerability Critical
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this... Critical Unreviewed
CVE-2023-30762 was published Jun 13, 2023
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3... Critical Unreviewed
CVE-2023-29129 was published Jun 13, 2023
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. Critical Unreviewed
CVE-2023-32220 was published Jun 12, 2023
An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication... Critical Unreviewed
CVE-2023-33553 was published Jun 7, 2023
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows... Critical Unreviewed
CVE-2023-3065 was published Jun 5, 2023
Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products... Critical Unreviewed
CVE-2023-27388 was published May 23, 2023
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2023-2499 was published May 16, 2023
ProTip! Advisories are also available from the GraphQL API