GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
43 advisories
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires...
High | Unreviewed | CVE-2021-33017 was published Dec 28, 2021

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service...
High | Unreviewed | CVE-2022-22189 was published Apr 15, 2022

Use of static encryption key material allows forging an authentication token to other users...
High | Unreviewed | CVE-2022-23724 was published May 5, 2022

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster...
High | Unreviewed | CVE-2018-10841 was published May 13, 2022

Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to...
High | Unreviewed | CVE-2019-13526 was published May 24, 2022

This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High | Unreviewed | CVE-2020-27866 was published May 24, 2022

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High | Unreviewed | CVE-2020-27865 was published May 24, 2022

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's...
High | Unreviewed | CVE-2021-35530 was published Jun 8, 2022

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service...
High | Unreviewed | CVE-2022-2031 was published Aug 26, 2022

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus...
High | Unreviewed | CVE-2022-47578 was published Dec 20, 2022

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer...
High | Unreviewed | CVE-2023-31152 was published May 10, 2023

A proprietary protocol for iBoot devices is used for control and keepalive commands. The function...
High | Unreviewed | CVE-2022-47311 was published May 23, 2023

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to,...
High | Unreviewed | CVE-2023-2546 was published Jun 6, 2023

The iBoot device’s basic discovery protocol assists in initial device configuration. The...
High | Unreviewed | CVE-2022-47320 was published Jul 6, 2023

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310...
High | Unreviewed | CVE-2023-42771 was published Oct 3, 2023

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive...
High | Unreviewed | CVE-2023-46319 was published Oct 23, 2023

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to...
High | Unreviewed | CVE-2023-43045 was published Oct 23, 2023

An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the...
High | Unreviewed | CVE-2024-26566 was published Mar 7, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login...
High | Unreviewed | CVE-2024-31814 was published Apr 8, 2024

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over...
High | Unreviewed | CVE-2024-1646 was published Apr 16, 2024

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access...
High | Unreviewed | CVE-2022-32503 was published May 14, 2024

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local...
High | Unreviewed | CVE-2024-29853 was published May 23, 2024

Attackers can bypass the web login authentication process to gain access to the printer's system...
High | Unreviewed | CVE-2024-3496 was published Jun 14, 2024

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive...
High | Unreviewed | CVE-2024-31916 was published Jun 27, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in...
High | Unreviewed | CVE-2024-6635 was published Jul 20, 2024