GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of...
Critical
Unreviewed
CVE-2024-51504
was published
Nov 7, 2024
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7...
Critical
Unreviewed
CVE-2024-6678
was published
Sep 12, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry...
Critical
Unreviewed
CVE-2024-37082
was published
Jul 3, 2024
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15...
Critical
Unreviewed
CVE-2024-23674
was published
Feb 16, 2024
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and...
Critical
Unreviewed
CVE-2023-51350
was published
Jan 12, 2024
Windows Kerberos Security Feature Bypass Vulnerability
Critical
Unreviewed
CVE-2024-20674
was published
Jan 9, 2024
Vulnerability of identity verification being bypassed in the face unlock module. Successful...
Critical
Unreviewed
CVE-2023-5801
was published
Nov 8, 2023
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication...
Critical
Unreviewed
CVE-2023-30803
was published
Oct 10, 2023
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical
Unreviewed
CVE-2023-4178
was published
Sep 5, 2023
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a
allows remote...
Critical
Unreviewed
CVE-2023-31424
was published
Aug 31, 2023
Vulnerability of identity verification being bypassed in the Gallery module. Successful...
Critical
Unreviewed
CVE-2022-48513
was published
Jul 6, 2023
An authentication bypass issue via spoofing was discovered in the token-based authentication...
Critical
Unreviewed
CVE-2023-22814
was published
Jul 1, 2023
** UNSUPPPORTED WHEN ASSIGNED **
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an...
Critical
Unreviewed
CVE-2023-3243
was published
Jun 28, 2023
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For...
Critical
Unreviewed
CVE-2021-25827
was published
Jun 28, 2023
Grafana vulnerable to Authentication Bypass by Spoofing
Critical
CVE-2023-3128
was published
for
github.com/grafana/grafana
(Go)
Jun 22, 2023
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS...
Critical
Unreviewed
CVE-2023-2807
was published
Jun 13, 2023
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This...
Critical
Unreviewed
CVE-2023-2887
was published
May 25, 2023
python-jwt vulnerable to token forgery with new claims
Critical
CVE-2022-39227
was published
for
python-jwt
(pip)
Sep 21, 2022
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x...
Critical
Unreviewed
CVE-2022-2310
was published
Jul 28, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are...
Critical
Unreviewed
CVE-2021-34646
was published
May 24, 2022
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By...
Critical
Unreviewed
CVE-2020-7388
was published
May 24, 2022
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all...
Critical
Unreviewed
CVE-2021-22779
was published
May 24, 2022
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP...
Critical
Unreviewed
CVE-2020-22001
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API