GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,402 advisories
Filter by severity
PocketBase performs password auth and OAuth2 unverified email linking
Moderate
CVE-2024-38351
was published
for
github.com/pocketbase/pocketbase
(Go)
Jun 18, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12....
Unknown
Unreviewed
CVE-2024-37367
was published
Jun 14, 2024
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The...
Unknown
Unreviewed
CVE-2024-37368
was published
Jun 14, 2024
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3080
was published
Jun 14, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-30299
was published
Jun 13, 2024
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an...
High
Unreviewed
CVE-2024-34103
was published
Jun 13, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
org.apache.submarine:submarine-commons-utils
(Maven)
Jun 12, 2024
Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects...
Moderate
Unreviewed
CVE-2024-35670
was published
Jun 4, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application...
Critical
Unreviewed
CVE-2024-36266
was published
Jun 11, 2024
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
Moderate
CVE-2018-11770
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Rancher Recreates Default User With Known Password Despite Deletion
Critical
CVE-2019-11202
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Moderate
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
Zendframework potential security issue in login mechanism
High
GHSA-9v78-h226-2rmq
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-c5mj-39cf-3pp5
was published
for
typo3/cms
(Composer)
Jun 7, 2024
A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical....
High
Unreviewed
CVE-2024-5732
was published
Jun 7, 2024
Authentication Bypass in TYPO3 CMS
Moderate
GHSA-6xh8-8pfv-53vx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows...
Moderate
Unreviewed
CVE-2023-51511
was published
Jun 4, 2024
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing...
Moderate
Unreviewed
CVE-2023-47189
was published
Jun 4, 2024
Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing...
High
Unreviewed
CVE-2023-46630
was published
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API