GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
267 advisories
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an...
Critical
Unreviewed
CVE-2023-41351 was published Nov 3, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker...
Critical
Unreviewed
CVE-2023-46747 was published Oct 26, 2023
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius...
Critical
Unreviewed
CVE-2023-39930 was published Oct 25, 2023
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier...
Critical
Unreviewed
CVE-2023-26573 was published Oct 25, 2023
Vulnerability of access permissions not being strictly verified in the APPWidget module...
Critical
Unreviewed
CVE-2023-44116 was published Oct 11, 2023
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete...
Critical
Unreviewed
CVE-2023-43271 was published Oct 9, 2023
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas...
Critical
Unreviewed
CVE-2023-4702 was published Sep 14, 2023
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An...
Critical
Unreviewed
CVE-2023-38028 was published Aug 28, 2023
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11...
Critical
Unreviewed
CVE-2023-36669 was published Jul 18, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to...
Critical
Unreviewed
CVE-2023-34335 was published Jul 6, 2023
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an...
Critical
Unreviewed
CVE-2023-30744 was published Jul 6, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated...
Critical
Unreviewed
CVE-2022-41629 was published Jul 6, 2023
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2834 was published Jun 30, 2023
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be...
Critical
Unreviewed
CVE-2023-35854 was published Jun 20, 2023
A remote unprivileged attacker can modify and access configuration settings on the EventCam App...
Critical
Unreviewed
CVE-2023-31411 was published Jun 19, 2023
FINS (Factory Interface Network Service) is a message communication protocol, which is designed...
Critical
Unreviewed
CVE-2023-27396 was published Jun 19, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2020-36724 was published Jun 7, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2020-36713 was published Jun 7, 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication...
Critical
Unreviewed
CVE-2023-2781 was published Jun 3, 2023
It is identified a vulnerability of insufficient authentication in the system configuration...
Critical
Unreviewed
CVE-2023-30604 was published Jun 2, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2023-2704 was published May 19, 2023
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could...
Critical
Unreviewed
CVE-2023-20126 was published May 4, 2023
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote...
Critical
Unreviewed
CVE-2023-28697 was published Apr 27, 2023
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4...
Critical
Unreviewed
CVE-2023-2231 was published Apr 21, 2023
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1...
Critical
Unreviewed
CVE-2023-23451 was published Apr 20, 2023