GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
838 advisories
Filter by severity
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2024-21007
was published
Apr 17, 2024
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an...
High
Unreviewed
CVE-2023-4857
was published
Apr 15, 2024
The system application (com.transsion.kolun.aiservice) component does not perform an...
Critical
Unreviewed
CVE-2024-3701
was published
Apr 15, 2024
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe...
Moderate
Unreviewed
CVE-2024-30391
was published
Apr 12, 2024
Windows Update Stack Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-26235
was published
Apr 9, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical
Unreviewed
CVE-2023-1083
was published
Apr 9, 2024
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart...
Moderate
Unreviewed
CVE-2023-25493
was published
Apr 5, 2024
** DISPUTED ** A Missing Authentication for Critical Function issue affecting the HTTP service...
Moderate
Unreviewed
CVE-2023-6949
was published
Apr 2, 2024
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service...
High
Unreviewed
CVE-2023-51571
was published
Apr 2, 2024
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue...
Moderate
Unreviewed
CVE-2022-38057
was published
Mar 25, 2024
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
An unauthenticated remote attacker can modify configurations to perform a remote code execution...
Critical
Unreviewed
CVE-2024-25995
was published
Mar 12, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2024-2076
was published
Mar 1, 2024
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful...
Unknown
Unreviewed
CVE-2022-48621
was published
Feb 18, 2024
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication...
High
Unreviewed
CVE-2023-40545
was published
Feb 6, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Critical
Unreviewed
CVE-2024-23917
was published
Feb 6, 2024
The MachineSense application programmable interface (API) is improperly protected and can be...
Critical
Unreviewed
CVE-2023-49617
was published
Feb 2, 2024
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense...
High
Unreviewed
CVE-2023-6221
was published
Feb 2, 2024
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote...
High
Unreviewed
CVE-2023-49115
was published
Feb 2, 2024
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for...
Moderate
Unreviewed
CVE-2024-22449
was published
Feb 1, 2024
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate
CVE-2020-15136
was published
for
go.etcd.io/etcd
(Go)
Jan 31, 2024
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation...
High
Unreviewed
CVE-2023-6942
was published
Jan 30, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An...
Critical
Unreviewed
CVE-2024-23618
was published
Jan 26, 2024
ProTip!
Advisories are also available from the
GraphQL API