GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,135
Composer 4,081
Erlang 29
GitHub Actions 19
Go 1,909
Maven 5,106
npm 3,642
NuGet 638
pip 3,258
Pub 10
RubyGems 869
Rust 820
Swift 35

Unreviewed advisories

All unreviewed 229,001

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

44 advisories

Filter by severity

Sort by

Least recently updated

OPA for Windows has an SMB force-authentication vulnerability Moderate

CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Moderate Unreviewed

CVE-2024-5249 was published Jul 30, 2024

Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay... Moderate Unreviewed

CVE-2024-37016 was published Jul 15, 2024

@workos-inc/authkit-nextjs session replay vulnerability Moderate

CVE-2024-29901 was published for @workos-inc/authkit-nextjs (npm) Mar 29, 2024

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... Moderate Unreviewed

CVE-2023-6374 was published Jan 30, 2024

The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical... Moderate Unreviewed

CVE-2023-50128 was published Jan 11, 2024

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4... Moderate Unreviewed

CVE-2023-45794 was published Nov 14, 2023

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay... Moderate Unreviewed

CVE-2023-36857 was published Oct 19, 2023

A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Moderate Unreviewed

CVE-2023-39373 was published Sep 3, 2023

An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via... Moderate Unreviewed

CVE-2023-34553 was published Jun 22, 2023

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request... Moderate Unreviewed

CVE-2023-33621 was published Jun 13, 2023

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door... Moderate Unreviewed

CVE-2023-33281 was published May 22, 2023

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and... Moderate Unreviewed

CVE-2023-20123 was published Apr 5, 2023

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass... Moderate Unreviewed

CVE-2022-43704 was published Jan 20, 2023

An OpenPGP digital signature includes information about the date when the signature was created.... Moderate Unreviewed

CVE-2022-2226 was published Dec 22, 2022

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF... Moderate Unreviewed

CVE-2022-45914 was published Nov 27, 2022

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles... Moderate Unreviewed

CVE-2022-37418 was published Aug 25, 2022

The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows... Moderate Unreviewed

CVE-2022-36945 was published Aug 25, 2022

The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows... Moderate Unreviewed

CVE-2022-37305 was published Aug 25, 2022

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to... Moderate Unreviewed

CVE-2022-29593 was published Jul 15, 2022

Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote... Moderate Unreviewed

CVE-2022-30467 was published Jun 30, 2022

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture... Moderate Unreviewed

CVE-2022-30466 was published Jun 8, 2022

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out,... Moderate Unreviewed

CVE-2020-23178 was published May 24, 2022

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version... Moderate Unreviewed

CVE-2020-28713 was published May 24, 2022

Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an... Moderate Unreviewed

CVE-2021-27195 was published May 24, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

44 advisories