GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
257 advisories
When using special mode to connect to enterprise wifi, certain options are not properly...
Moderate, Unreviewed: CVE-2020-12484 was published Dec 17, 2024

The wifi module exposes the interface and has improper permission control, leaking sensitive...
Moderate, Unreviewed: CVE-2021-26278 was published Dec 17, 2024

Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate: CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024

Admin authentication can be bypassed with some specific invalid credentials, which allows logging...
Moderate, Unreviewed: CVE-2024-33616 was published Nov 26, 2024

Improper control of framework service permissions with possibility of some sensitive device...
Moderate, Unreviewed: CVE-2020-12491 was published Nov 25, 2024

Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware...
Moderate, Unreviewed: CVE-2024-47865 was published Nov 20, 2024

A low privileged remote attacker may modify the docker settings setup of the device, leading to a...
Moderate, Unreviewed: CVE-2024-41968 was published Nov 18, 2024

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without...
Moderate, Unreviewed: CVE-2024-39707 was published Nov 15, 2024

Missing permission check in Jenkins Script Security Plugin
Moderate: CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4...
Moderate, Unreviewed: CVE-2024-26011 was published Nov 12, 2024

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate...
Moderate, Unreviewed: CVE-2024-48952 was published Nov 7, 2024

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue...
Moderate, Unreviewed: CVE-2024-51362 was published Nov 5, 2024

OctoPrint has API key access in settings without reauthentication
Moderate: CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024

The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is...
Moderate, Unreviewed: CVE-2024-9430 was published Oct 31, 2024

Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA...
Moderate, Unreviewed: CVE-2024-48442 was published Oct 24, 2024

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2...
Moderate, Unreviewed: CVE-2024-47902 was published Oct 23, 2024

Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows...
Moderate, Unreviewed: CVE-2024-40091 was published Oct 21, 2024

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
Moderate, Unreviewed: CVE-2024-8530 was published Oct 11, 2024

An unauthenticated remote attacker may use the devices traffic capture without authentication to...
Moderate, Unreviewed: CVE-2024-35294 was published Oct 2, 2024

Missing authentication for critical function vulnerability in proxy settings functionality in...
Moderate, Unreviewed: CVE-2023-52949 was published Sep 26, 2024

Missing authentication for critical function vulnerability in logout functionality in Synology...
Moderate, Unreviewed: CVE-2023-52947 was published Sep 26, 2024

The Versa Director offers REST APIs for orchestration and management. By design, certain APIs,...
Moderate, Unreviewed: CVE-2024-45229 was published Sep 20, 2024

Mautic has insufficient authentication in upgrade flow
Moderate: CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September...
Moderate, Unreviewed: CVE-2024-8320 was published Sep 10, 2024

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September...
Moderate, Unreviewed: CVE-2024-8321 was published Sep 10, 2024