Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,277 advisories

Loading
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been... Moderate Unreviewed
CVE-2024-37028 was published Aug 14, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),... Moderate Unreviewed
CVE-2024-35775 was published Aug 13, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow... Moderate Unreviewed
CVE-2024-42164 was published Aug 12, 2024
s2n-tls's mTLS API ordering may skip client authentication Moderate
GHSA-857q-xmph-p2v5 was published for s2n-tls (Rust) Aug 9, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1... Moderate Unreviewed
CVE-2024-4784 was published Aug 8, 2024
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a... Moderate Unreviewed
CVE-2024-34788 was published Aug 7, 2024
Alpine allows Authentication Filter bypass Moderate
CVE-2022-23554 was published for us.springett:alpine (Maven) Aug 5, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma... Moderate Unreviewed
CVE-2024-40794 was published Jul 30, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use Moderate
CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024
FabianTUW
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received... Moderate Unreviewed
CVE-2024-39767 was published Jul 15, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User Moderate
GHSA-gh9f-6xm2-c4j2 was published for surrealdb (Rust) Jul 11, 2024
ericwhitefield
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38099 was published Jul 9, 2024
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the... Moderate Unreviewed
CVE-2024-39723 was published Jul 8, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64... Moderate Unreviewed
CVE-2024-1573 was published Jul 4, 2024
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers... Moderate Unreviewed
CVE-2024-20900 was published Jul 2, 2024
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to... Moderate Unreviewed
CVE-2024-20890 was published Jul 2, 2024
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair... Moderate Unreviewed
CVE-2024-20889 was published Jul 2, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient... Moderate Unreviewed
CVE-2024-37085 was published Jun 25, 2024
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly... Moderate Unreviewed
CVE-2024-37233 was published Jun 24, 2024
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database