GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
3,410 advisories
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of...
High | Unreviewed | CVE-2024-0568 was published on Feb 14, 2024
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure...
Moderate | Unreviewed | CVE-2024-24698 was published on Feb 14, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21410 was published on Feb 13, 2024
A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of...
High | Unreviewed | CVE-2024-23813 was published on Feb 13, 2024
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username...
High | Unreviewed | CVE-2024-25313 was published on Feb 9, 2024
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with...
High | Unreviewed | CVE-2023-51761 was published on Feb 9, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the...
Critical | Unreviewed | CVE-2024-24496 was published on Feb 8, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature...
Critical | Unreviewed | CVE-2024-22394 was published on Feb 8, 2024
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could...
Moderate | Unreviewed | CVE-2024-23806 was published on Feb 7, 2024
Apache Ozone Improper Authentication vulnerability
Moderate | CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) on Feb 7, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating...
Moderate | Unreviewed | CVE-2023-39303 was published on Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary...
Moderate | Unreviewed | CVE-2023-50934 was published on Feb 2, 2024
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical | Unreviewed | CVE-2024-1039 was published on Feb 2, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers...
Moderate | Unreviewed | CVE-2023-47256 was published on Feb 2, 2024
Improper Authentication in HashiCorp Vault
High | CVE-2021-3282 was published for github.com/hashicorp/vault (Go) on Jan 31, 2024
OctoPrint Unverified Password Change via Access Control Settings
Moderate | CVE-2024-23637 was published for OctoPrint (pip) on Jan 31, 2024
HashiCorp Vault Authentication bypass
High | CVE-2020-16251 was published for github.com/hashicorp/vault/vault (Go) on Jan 31, 2024
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate | CVE-2020-15136 was published for go.etcd.io/etcd (Go) on Jan 31, 2024
CrateDB authentication bypass vulnerability
High | CVE-2023-51982 was published for io.crate:crate (Maven) on Jan 30, 2024
Authentik vulnerable to PKCE downgrade attack
Moderate | CVE-2024-23647 was published for goauthentik.io (Go) on Jan 29, 2024
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as...
High | Unreviewed | CVE-2024-1006 was published on Jan 29, 2024
When adding attachments to ticket comments, another user can add attachments as well...
Moderate | Unreviewed | CVE-2024-23792 was published on Jan 29, 2024
A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4....
Moderate | Unreviewed | CVE-2024-0988 was published on Jan 29, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An...
Critical | Unreviewed | CVE-2024-23629 was published on Jan 26, 2024
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation...
Critical | Unreviewed | CVE-2024-0822 was published on Jan 25, 2024
ProTip! Advisories are also available from the GraphQL API.