Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks... Critical Unreviewed
CVE-2024-2973 was published Jun 27, 2024
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive... High Unreviewed
CVE-2024-31916 was published Jun 27, 2024
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
Attackers can bypass the web login authentication process to gain access to the printer's system... High Unreviewed
CVE-2024-3496 was published Jun 14, 2024
The affected product is vulnerable to an attacker modifying the bootloader by using custom... Unknown Unreviewed
CVE-2024-38279 was published Jun 13, 2024
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker... Critical Unreviewed
CVE-2024-2012 was published Jun 11, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway... Critical Unreviewed
CVE-2024-2013 was published Jun 11, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over... High Unreviewed
CVE-2024-1646 was published Apr 16, 2024
Services that are running and bound to the loopback interface on the Artica Proxy are accessible... Unknown Unreviewed
CVE-2024-2056 was published Mar 5, 2024
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management... Unknown Unreviewed
CVE-2024-2055 was published Mar 5, 2024
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions... Critical Unreviewed
CVE-2024-27198 was published Mar 4, 2024
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an... Critical Unreviewed
CVE-2024-1709 was published Feb 21, 2024
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible Critical Unreviewed
CVE-2024-23917 was published Feb 6, 2024
Docker Moby Authentication Bypass High
CVE-2018-12608 was published for github.com/moby/moby (Go) Jan 31, 2024
An authentication bypass vulnerability has been found in Repox, which allows a remote user to... Critical Unreviewed
CVE-2023-6718 was published Dec 13, 2023
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet... Critical Unreviewed
CVE-2023-42770 was published Nov 21, 2023
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege... Critical Unreviewed
CVE-2023-3277 was published Nov 3, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an... Critical Unreviewed
CVE-2023-41351 was published Nov 3, 2023
A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2023-20247 was published Nov 1, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker... Critical Unreviewed
CVE-2023-46747 was published Oct 26, 2023
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring... Moderate Unreviewed
CVE-2023-39231 was published Oct 25, 2023
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius... Critical Unreviewed
CVE-2023-39930 was published Oct 25, 2023
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to... High Unreviewed
CVE-2023-43045 was published Oct 23, 2023
ProTip! Advisories are also available from the GraphQL API