GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,582 advisories
Filter by severity
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote...
High
Unreviewed
CVE-2024-36132
was published
Aug 7, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
Critical
Unreviewed
CVE-2024-36130
was published
Aug 7, 2024
RobotsAndPencils go-saml authentication bypass vulnerability
High
CVE-2023-48703
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Aug 5, 2024
Alpine allows Authentication Filter bypass
Moderate
CVE-2022-23554
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access...
Critical
Unreviewed
CVE-2024-7395
was published
Aug 5, 2024
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow...
High
Unreviewed
CVE-2019-6198
was published
Jul 31, 2024
A command injection vulnerability could allow an authenticated user to execute operating system...
High
Unreviewed
CVE-2022-4002
was published
Jul 31, 2024
An authentication bypass vulnerability could allow an attacker to access API functions without...
High
Unreviewed
CVE-2022-4001
was published
Jul 31, 2024
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow...
High
Unreviewed
CVE-2019-6197
was published
Jul 31, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to...
High
Unreviewed
CVE-2024-6576
was published
Jul 29, 2024
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi...
High
Unreviewed
CVE-2024-7050
was published
Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Remote command execution due to use of default passwords. The following products are affected:...
Critical
Unreviewed
CVE-2023-45249
was published
Jul 24, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High
Unreviewed
CVE-2024-28992
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution...
Critical
Unreviewed
CVE-2024-23471
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass...
High
Unreviewed
CVE-2024-23465
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote...
Critical
Unreviewed
CVE-2024-23470
was published
Jul 17, 2024
Skupper uses a static cookie secret for the openshift oauth-proxy
High
CVE-2024-6535
was published
for
github.com/skupperproject/skupper
(Go)
Jul 17, 2024
The vulnerability could be remotely exploited to bypass authentication.
Critical
Unreviewed
CVE-2024-22442
was published
Jul 16, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received...
Moderate
Unreviewed
CVE-2024-39767
was published
Jul 15, 2024
Securepoint UTM before 12.6.5 mishandles OTP codes.
High
Unreviewed
CVE-2024-39340
was published
Jul 12, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Moderate
GHSA-gh9f-6xm2-c4j2
was published
for
surrealdb
(Rust)
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API