Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

828 advisories

Loading
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with... Critical Unreviewed
CVE-2023-23450 was published May 15, 2023
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration... Critical Unreviewed
CVE-2023-27823 was published May 12, 2023
An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers... Critical Unreviewed
CVE-2023-30328 was published May 4, 2023
Sensitive information disclosure due to improper authentication. The following products are... Critical Unreviewed
CVE-2022-30995 was published May 3, 2023
OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password... Critical Unreviewed
CVE-2022-35898 was published May 1, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section Critical
CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ... Critical Unreviewed
CVE-2023-1778 was published Apr 27, 2023
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and... Critical Unreviewed
CVE-2023-25131 was published Apr 24, 2023
An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10... Critical Unreviewed
CVE-2021-40507 was published Apr 18, 2023
An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10... Critical Unreviewed
CVE-2021-40506 was published Apr 18, 2023
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of... Critical Unreviewed
CVE-2023-28962 was published Apr 18, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for org.apache.iotdb:iotdb-grafana-connector (Maven) Apr 17, 2023
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2023-2027 was published Apr 15, 2023
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor... Critical Unreviewed
CVE-2022-45174 was published Apr 14, 2023
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor... Critical Unreviewed
CVE-2022-45173 was published Apr 14, 2023
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router... Critical Unreviewed
CVE-2023-1833 was published Apr 14, 2023
Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware... Critical Unreviewed
CVE-2023-1803 was published Apr 14, 2023
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an... Critical Unreviewed
CVE-2023-28121 was published Apr 12, 2023
Etcd-io Improper Authentication vulnerability Critical
CVE-2021-28235 was published for go.etcd.io/etcd/v3 (Go) Apr 4, 2023
jeecg-boot vulnerable to improper authentication Critical
CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the... Critical Unreviewed
CVE-2023-28862 was published Mar 31, 2023
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature... Critical Unreviewed
CVE-2023-27536 was published Mar 30, 2023
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5... Critical Unreviewed
CVE-2023-28503 was published Mar 29, 2023
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and... Critical Unreviewed
CVE-2023-28398 was published Mar 28, 2023
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or... Critical Unreviewed
CVE-2022-4126 was published Mar 27, 2023
ProTip! Advisories are also available from the GraphQL API