GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
836 advisories
Filter by severity
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote...
Critical
Unreviewed
CVE-2024-23470
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution...
Critical
Unreviewed
CVE-2024-23471
was published
Jul 17, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2024-5432
was published
Jun 20, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-6397
was published
Jul 11, 2024
Sensitive information disclosure in NetScaler Console
Critical
Unreviewed
CVE-2024-6235
was published
Jul 10, 2024
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise...
Critical
Unreviewed
CVE-2024-29849
was published
May 23, 2024
Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.
Critical
Unreviewed
CVE-2024-37019
was published
Jun 3, 2024
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg...
Critical
Unreviewed
CVE-2024-33110
was published
May 6, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical
Unreviewed
CVE-2024-5805
was published
Jun 25, 2024
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3080
was published
Jun 14, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-30299
was published
Jun 13, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application...
Critical
Unreviewed
CVE-2024-36266
was published
Jun 11, 2024
Rancher Recreates Default User With Known Password Despite Deletion
Critical
CVE-2019-11202
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the...
Critical
Unreviewed
CVE-2023-43551
was published
Jun 3, 2024
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
Magento Broken authentication and session managememt
Critical
CVE-2019-8149
was published
for
magento/community-edition
(Composer)
May 24, 2022
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and...
Critical
Unreviewed
CVE-2024-3263
was published
May 14, 2024
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass...
Critical
Unreviewed
CVE-2023-38096
was published
May 3, 2024
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical
CVE-2019-17134
was published
for
octavia
(pip)
May 24, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical
CVE-2017-16613
was published
for
swauth
(pip)
May 17, 2022
Contao Does Not Expire Tokens Correctly
Critical
CVE-2019-10643
was published
for
contao/contao
(Composer)
May 13, 2022
Symfony Authentication Bypass
Critical
CVE-2018-11407
was published
for
symfony/security
(Composer)
May 14, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability
Critical
CVE-2017-8827
was published
for
genix/cms
(Composer)
May 17, 2022
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows...
Critical
Unreviewed
CVE-2023-51484
was published
Apr 25, 2024
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege...
Critical
Unreviewed
CVE-2023-51478
was published
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API