Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Toshiba printers provides API without authentication for internal access. A local attacker can... High Unreviewed
CVE-2024-27169 was published Jun 14, 2024
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability.... High Unreviewed
CVE-2024-5951 was published Jun 13, 2024
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import... High Unreviewed
CVE-2024-34800 was published Jun 10, 2024
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the... High Unreviewed
CVE-2023-5935 was published May 15, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... High Unreviewed
CVE-2024-27942 was published May 14, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an... High Unreviewed
CVE-2024-2860 was published May 8, 2024
By design, the DHCP protocol does not authenticate messages, including for example the classless... High Unreviewed
CVE-2024-3661 was published May 6, 2024
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure... High Unreviewed
CVE-2023-51587 was published May 3, 2024
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution... High Unreviewed
CVE-2023-50199 was published May 3, 2024
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network... High Unreviewed
CVE-2023-41183 was published May 3, 2024
D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-41187 was published May 3, 2024
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function... High Unreviewed
CVE-2023-38123 was published May 3, 2024
The devices allow access to an unprotected endpoint that allows MPFS file system binary image... High Unreviewed
CVE-2024-1491 was published Apr 19, 2024
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an... High Unreviewed
CVE-2023-4857 was published Apr 15, 2024
Windows Update Stack Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-26235 was published Apr 9, 2024
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service... High Unreviewed
CVE-2023-51571 was published Apr 2, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication... High Unreviewed
CVE-2023-40545 was published Feb 6, 2024
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote... High Unreviewed
CVE-2023-49115 was published Feb 2, 2024
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense... High Unreviewed
CVE-2023-6221 was published Feb 2, 2024
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation... High Unreviewed
CVE-2023-6942 was published Jan 30, 2024
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions)... High Unreviewed
CVE-2022-45794 was published Jan 11, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2023-40393 was published Jan 11, 2024
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect ... High Unreviewed
CVE-2023-5881 was published Jan 3, 2024
ProTip! Advisories are also available from the GraphQL API