GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
42 advisories
Filter by severity
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack...
Moderate
Unreviewed
CVE-2024-39081
was published
Sep 18, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay...
Moderate
Unreviewed
CVE-2024-37016
was published
Jul 15, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Moderate
Unreviewed
CVE-2024-5249
was published
Jul 30, 2024
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a replay...
Moderate
Unreviewed
CVE-2023-36857
was published
Oct 19, 2023
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
Moderate
Unreviewed
CVE-2023-39373
was published
Sep 3, 2023
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via...
Moderate
Unreviewed
CVE-2023-34553
was published
Jun 22, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request...
Moderate
Unreviewed
CVE-2023-33621
was published
Jun 13, 2023
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful...
Moderate
Unreviewed
CVE-2020-14302
was published
May 24, 2022
Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock...
Moderate
Unreviewed
CVE-2020-9438
was published
May 24, 2022
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
Moderate
Unreviewed
CVE-2019-9158
was published
May 24, 2022
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and...
Moderate
Unreviewed
CVE-2019-5307
was published
May 24, 2022
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door...
Moderate
Unreviewed
CVE-2023-33281
was published
May 22, 2023
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications)...
Moderate
Unreviewed
CVE-2020-24722
was published
May 24, 2022
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC...
Moderate
Unreviewed
CVE-2023-6374
was published
Jan 30, 2024
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical...
Moderate
Unreviewed
CVE-2023-50128
was published
Jan 11, 2024
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4...
Moderate
Unreviewed
CVE-2023-45794
was published
Nov 14, 2023
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and...
Moderate
Unreviewed
CVE-2023-20123
was published
Apr 5, 2023
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application...
Moderate
Unreviewed
CVE-2019-11334
was published
May 24, 2022
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF...
Moderate
Unreviewed
CVE-2022-45914
was published
Nov 27, 2022
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit...
Moderate
Unreviewed
CVE-2020-15688
was published
May 24, 2022
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is...
Moderate
Unreviewed
CVE-2021-46145
was published
Jan 7, 2022
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass...
Moderate
Unreviewed
CVE-2018-16242
was published
May 13, 2022
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2...
Moderate
Unreviewed
CVE-2021-40170
was published
Dec 16, 2021
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out,...
Moderate
Unreviewed
CVE-2020-23178
was published
May 24, 2022
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version...
Moderate
Unreviewed
CVE-2020-28713
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API