Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

828 advisories

Loading
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed
CVE-2024-5805 was published Jun 25, 2024
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2024-3080 was published Jun 14, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30299 was published Jun 13, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application... Critical Unreviewed
CVE-2024-36266 was published Jun 11, 2024
Rancher Recreates Default User With Known Password Despite Deletion Critical
CVE-2019-11202 was published for github.com/rancher/rancher (Go) May 24, 2022
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the... Critical Unreviewed
CVE-2023-43551 was published Jun 3, 2024
mellium.im/sasl authentication failure due to insufficient nonce randomness Critical
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and... Critical Unreviewed
CVE-2024-3263 was published May 14, 2024
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass... Critical Unreviewed
CVE-2023-38096 was published May 3, 2024
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file Critical
CVE-2017-16613 was published for swauth (pip) May 17, 2022
Contao Does Not Expire Tokens Correctly Critical
CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Symfony Authentication Bypass Critical
CVE-2018-11407 was published for symfony/security (Composer) May 14, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability Critical
CVE-2017-8827 was published for genix/cms (Composer) May 17, 2022
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege... Critical Unreviewed
CVE-2023-51478 was published Apr 25, 2024
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows... Critical Unreviewed
CVE-2023-51484 was published Apr 25, 2024
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing... Critical Unreviewed
CVE-2023-51482 was published Apr 25, 2024
ThinkAdmin Administrator cookies still working after password change Critical
CVE-2019-11018 was published for zoujingli/thinkadmin (Composer) May 13, 2022
Gitea Allows 1FA Even for 2FA-Enrolled Accounts Critical
CVE-2019-11576 was published for code.gitea.io/gitea (Go) May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing... Critical Unreviewed
CVE-2023-51477 was published Apr 24, 2024
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege... Critical Unreviewed
CVE-2023-51472 was published Apr 24, 2024
SaltStack Salt Remote command execution and incorrect access control when using salt-api Critical
CVE-2018-15751 was published for salt (pip) May 13, 2022
SaltStack Salt Improper Authentication vulnerability Critical
CVE-2021-25281 was published for salt (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API