GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,561 advisories
Filter by severity
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with...
Moderate
Unreviewed
CVE-2024-25157
was published
Aug 14, 2024
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been...
Moderate
Unreviewed
CVE-2024-37028
was published
Aug 14, 2024
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1...
Critical
Unreviewed
CVE-2024-7593
was published
Aug 13, 2024
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator...
Critical
Unreviewed
CVE-2024-7746
was published
Aug 13, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Moderate
Unreviewed
CVE-2024-35775
was published
Aug 13, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow...
Moderate
Unreviewed
CVE-2024-42164
was published
Aug 12, 2024
s2n-tls's mTLS API ordering may skip client authentication
Moderate
GHSA-857q-xmph-p2v5
was published
for
s2n-tls
(Rust)
Aug 9, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1...
Moderate
Unreviewed
CVE-2024-4784
was published
Aug 8, 2024
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote...
High
Unreviewed
CVE-2024-36132
was published
Aug 7, 2024
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
Critical
Unreviewed
CVE-2024-36130
was published
Aug 7, 2024
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a...
Moderate
Unreviewed
CVE-2024-34788
was published
Aug 7, 2024
RobotsAndPencils go-saml authentication bypass vulnerability
High
CVE-2023-48703
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Aug 5, 2024
Alpine allows Authentication Filter bypass
Moderate
CVE-2022-23554
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access...
Critical
Unreviewed
CVE-2024-7395
was published
Aug 5, 2024
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow...
High
Unreviewed
CVE-2019-6198
was published
Jul 31, 2024
A command injection vulnerability could allow an authenticated user to execute operating system...
High
Unreviewed
CVE-2022-4002
was published
Jul 31, 2024
An authentication bypass vulnerability could allow an attacker to access API functions without...
High
Unreviewed
CVE-2022-4001
was published
Jul 31, 2024
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow...
High
Unreviewed
CVE-2019-6197
was published
Jul 31, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to...
High
Unreviewed
CVE-2024-6576
was published
Jul 29, 2024
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi...
High
Unreviewed
CVE-2024-7050
was published
Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Remote command execution due to use of default passwords. The following products are affected:...
Critical
Unreviewed
CVE-2023-45249
was published
Jul 24, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
ProTip!
Advisories are also available from the
GraphQL API