GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,152 advisories
Filter by severity
Skupper uses a static cookie secret for the openshift oauth-proxy
Moderate
CVE-2024-6535
was published
for
github.com/skupperproject/skupper
(Go)
Jul 17, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote...
Moderate
Unreviewed
CVE-2013-0625
was published
May 17, 2022
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to...
Moderate
Unreviewed
CVE-2024-38433
was published
Jul 11, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received...
Moderate
Unreviewed
CVE-2024-39767
was published
Jul 15, 2024
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the...
Moderate
Unreviewed
CVE-2024-39723
was published
Jul 8, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Moderate
GHSA-gh9f-6xm2-c4j2
was published
for
surrealdb
(Rust)
Jul 11, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Moderate
Unreviewed
CVE-2024-38099
was published
Jul 9, 2024
PocketBase performs password auth and OAuth2 unverified email linking
Moderate
CVE-2024-38351
was published
for
github.com/pocketbase/pocketbase
(Go)
Jun 18, 2024
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers...
Moderate
Unreviewed
CVE-2024-20900
was published
Jul 2, 2024
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to...
Moderate
Unreviewed
CVE-2024-20890
was published
Jul 2, 2024
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair...
Moderate
Unreviewed
CVE-2024-20889
was published
Jul 2, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate
Unreviewed
CVE-2024-1573
was published
Jul 4, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate
Unreviewed
CVE-2024-23251
was published
Jun 10, 2024
An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header...
Moderate
Unreviewed
CVE-2024-34093
was published
May 6, 2024
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability.
A...
Moderate
Unreviewed
CVE-2024-22247
was published
Apr 2, 2024
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Moderate
CVE-2022-23541
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly...
Moderate
Unreviewed
CVE-2024-37233
was published
Jun 24, 2024
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
SFTPGo has insufficient access control for password reset
Moderate
CVE-2024-37897
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jun 20, 2024
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
org.apache.submarine:submarine-commons-utils
(Maven)
Jun 12, 2024
Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects...
Moderate
Unreviewed
CVE-2024-35670
was published
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API