GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,574 advisories
Filter by severity
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Symfony http-security has authentication bypass
Moderate
CVE-2024-36611
was published
for
symfony/security-http
(Composer)
Nov 29, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical
Unreviewed
CVE-2024-11680
was published
Nov 26, 2024
An image with a version lower than the fuse version may potentially be booted lead to improper...
High
Unreviewed
CVE-2018-11952
was published
Nov 26, 2024
Initial xbl_sec revision does not have all the debug policy features and critical checks.
High
Unreviewed
CVE-2016-10394
was published
Nov 26, 2024
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager...
Moderate
Unreviewed
CVE-2024-11671
was published
Nov 25, 2024
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could
lead...
Moderate
Unreviewed
CVE-2022-33862
was published
Nov 25, 2024
The web application uses a weak authentication mechanism to verify that a request is coming from...
Critical
Unreviewed
CVE-2024-45369
was published
Nov 23, 2024
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-6248
was published
Nov 22, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL...
High
Unreviewed
CVE-2024-11494
was published
Nov 20, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an...
Moderate
Unreviewed
CVE-2024-11209
was published
Nov 14, 2024
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49039
was published
Nov 12, 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,...
Moderate
Unreviewed
CVE-2024-10963
was published
Nov 7, 2024
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress...
High
Unreviewed
CVE-2024-9946
was published
Nov 6, 2024
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in...
High
Unreviewed
CVE-2024-10020
was published
Nov 6, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s...
High
Unreviewed
CVE-2023-29117
was published
Nov 5, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication...
High
Unreviewed
CVE-2024-10097
was published
Nov 5, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all...
High
Unreviewed
CVE-2024-10114
was published
Nov 5, 2024
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This...
Moderate
Unreviewed
CVE-2024-10620
was published
Nov 1, 2024
ProTip!
Advisories are also available from the
GraphQL API