GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Low
CVE-2024-56128
was published
for
org.apache.kafka:kafka
(Maven)
Dec 18, 2024
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11...
Critical
Unreviewed
CVE-2024-10127
was published
Nov 20, 2024
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication...
Moderate
Unreviewed
CVE-2024-9999
was published
Nov 12, 2024
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against...
Low
Unreviewed
CVE-2024-36250
was published
Nov 9, 2024
Mattermost incorrectly issues two sessions when using desktop SSO
Low
CVE-2024-10214
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 28, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate
CVE-2024-8642
was published
for
org.eclipse.edc:transfer-data-plane
(Maven)
Sep 11, 2024
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with...
Moderate
Unreviewed
CVE-2024-25157
was published
Aug 14, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote...
Critical
Unreviewed
CVE-2023-4860
was published
Jul 17, 2024
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE...
High
Unreviewed
CVE-2024-34722
was published
Jul 9, 2024
An authentication bypass vulnerability has been identified in the REST and SOAP API components of...
Unknown
Unreviewed
CVE-2024-4332
was published
Jun 3, 2024
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when...
Critical
Unreviewed
CVE-2024-4985
was published
May 21, 2024
D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication...
High
Unreviewed
CVE-2023-44420
was published
May 3, 2024
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication...
High
Unreviewed
CVE-2023-34274
was published
May 3, 2024
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass...
High
Unreviewed
CVE-2023-34282
was published
May 3, 2024
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows...
Moderate
Unreviewed
CVE-2023-32148
was published
May 3, 2024
D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows...
Moderate
Unreviewed
CVE-2023-32152
was published
May 3, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-26248
was published
Apr 9, 2024
Eclipse Kura LogServlet vulnerability
High
CVE-2024-3046
was published
for
org.eclipse.kura:org.eclipse.kura.web2
(Maven)
Apr 9, 2024
Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows...
High
Unreviewed
CVE-2023-31211
was published
Jan 12, 2024
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password...
Moderate
Unreviewed
CVE-2023-4641
was published
Dec 27, 2023
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket...
Critical
Unreviewed
CVE-2023-3326
was published
Jun 22, 2023
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3...
Critical
Unreviewed
CVE-2023-29129
was published
Jun 13, 2023
An authentication bypass vulnerability exists in the Authentication functionality of Weston...
High
Unreviewed
CVE-2022-41985
was published
May 10, 2023
ProTip!
Advisories are also available from the
GraphQL API