GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
144 advisories
Filter by severity
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise...
High
Unreviewed
CVE-2024-29851
was published
May 23, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file...
High
Unreviewed
CVE-2024-38272
was published
Jun 26, 2024
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
Critical
CVE-2019-12887
was published
for
LinOTP
(pip)
May 24, 2022
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack...
Moderate
Unreviewed
CVE-2024-39081
was published
Sep 18, 2024
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
High
Unreviewed
CVE-2024-46041
was published
Oct 7, 2024
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High
CVE-2023-41890
was published
for
Kentor.AuthServices
(NuGet)
Sep 20, 2023
Apache Linkis Authentication Bypass vulnerability
Critical
CVE-2023-27987
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
SaltStack Salt Authentication Bypass by Capture-replay
High
CVE-2022-22936
was published
for
salt
(pip)
Mar 30, 2022
Authentication Bypass by Capture-replay in Apache Spark
High
CVE-2021-38296
was published
for
org.apache.spark:spark-core
(Maven)
Mar 11, 2022
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an...
Critical
Unreviewed
CVE-2023-49231
was published
Mar 29, 2024
A remote authentication bypass issue exists in some
OneView APIs.
Critical
Unreviewed
CVE-2023-30909
was published
Sep 14, 2023
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service...
High
Unreviewed
CVE-2024-22066
was published
Oct 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against...
Low
Unreviewed
CVE-2024-36250
was published
Nov 9, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by...
High
Unreviewed
CVE-2024-49595
was published
Nov 26, 2024
In the development options section of the Settings app, there is a possible authentication bypass...
High
Unreviewed
CVE-2018-9477
was published
Nov 20, 2024
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay...
Moderate
Unreviewed
CVE-2024-52534
was published
Dec 25, 2024
ProTip!
Advisories are also available from the
GraphQL API