GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,819
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,478
NuGet
605
pip
3,008
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,383 advisories
Filter by severity
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows...
Moderate
Unreviewed
CVE-2023-51511
was published
Jun 4, 2024
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing...
Moderate
Unreviewed
CVE-2023-48747
was published
Jun 4, 2024
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing...
Moderate
Unreviewed
CVE-2023-47189
was published
Jun 4, 2024
Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing...
High
Unreviewed
CVE-2023-46630
was published
Jun 4, 2024
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the...
Critical
Unreviewed
CVE-2023-43551
was published
Jun 3, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-rxc9-f2x6-qh4w
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability
High
GHSA-x4rj-f7m6-42c3
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Thelia authentication bypass vulnerability
High
GHSA-g8pg-33v4-9r96
was published
for
thelia/thelia
(Composer)
May 30, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects...
Low
Unreviewed
CVE-2024-5044
was published
May 17, 2024
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects...
High
Unreviewed
CVE-2023-41956
was published
May 17, 2024
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This...
Low
Unreviewed
CVE-2024-3487
was published
May 15, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows...
High
Unreviewed
CVE-2024-4129
was published
May 14, 2024
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and...
Critical
Unreviewed
CVE-2024-3263
was published
May 14, 2024
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version...
Moderate
Unreviewed
CVE-2024-4601
was published
May 7, 2024
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass...
Critical
Unreviewed
CVE-2023-38096
was published
May 3, 2024
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly...
High
Unreviewed
CVE-2024-4303
was published
Apr 29, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Moderate
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9...
High
Unreviewed
CVE-2024-4024
was published
Apr 25, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API