GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
133 advisories
Filter by severity
The session hijacking attack targets the application layer's control mechanism, which manages...
High
Unreviewed
CVE-2024-43099
was published
Sep 13, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the...
High
Unreviewed
CVE-2024-3982
was published
Aug 27, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and...
High
Unreviewed
CVE-2024-38890
was published
Aug 2, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Moderate
Unreviewed
CVE-2024-5249
was published
Jul 30, 2024
D-Link -
CWE-294: Authentication Bypass by Capture-replay
Critical
Unreviewed
CVE-2024-38438
was published
Jul 21, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay...
Moderate
Unreviewed
CVE-2024-37016
was published
Jul 15, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file...
High
Unreviewed
CVE-2024-38272
was published
Jun 26, 2024
Transmitted data is logged between the device and the backend service. An attacker could use...
Unknown
Unreviewed
CVE-2024-38284
was published
Jun 13, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Replay Attack
in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows...
Critical
Unreviewed
CVE-2024-4009
was published
Jun 5, 2024
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
High
Unreviewed
CVE-2024-29850
was published
May 23, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise...
High
Unreviewed
CVE-2024-29851
was published
May 23, 2024
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass...
Critical
Unreviewed
CVE-2023-47435
was published
Apr 19, 2024
@workos-inc/authkit-nextjs session replay vulnerability
Moderate
CVE-2024-29901
was published
for
@workos-inc/authkit-nextjs
(npm)
Mar 29, 2024
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC...
Moderate
Unreviewed
CVE-2023-6374
was published
Jan 30, 2024
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to...
High
Unreviewed
CVE-2023-46892
was published
Jan 23, 2024
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical...
Moderate
Unreviewed
CVE-2023-50128
was published
Jan 11, 2024
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3...
High
Unreviewed
CVE-2022-46480
was published
Dec 5, 2023
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X...
High
Unreviewed
CVE-2023-39547
was published
Nov 17, 2023
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4...
Moderate
Unreviewed
CVE-2023-45794
was published
Nov 14, 2023
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a replay...
Moderate
Unreviewed
CVE-2023-36857
was published
Oct 19, 2023
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
Moderate
Unreviewed
CVE-2023-39373
was published
Sep 3, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in...
High
Unreviewed
CVE-2023-20900
was published
Aug 31, 2023
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation...
High
Unreviewed
CVE-2023-34625
was published
Jul 20, 2023
ProTip!
Advisories are also available from the
GraphQL API