GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
748 advisories
A missing authentication for critical function vulnerability has been reported to affect...
Critical
Unreviewed
CVE-2024-32764 was published Apr 26, 2024
An unauthenticated attacker can reset the board and stop transmitter operations by sending a...
Moderate
Unreviewed
CVE-2024-21846 was published Apr 19, 2024
The devices allow access to an unprotected endpoint that allows MPFS file system binary image...
High
Unreviewed
CVE-2024-1491 was published Apr 19, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2024-21007 was published Apr 17, 2024
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an...
High
Unreviewed
CVE-2023-4857 was published Apr 15, 2024
The system application (com.transsion.kolun.aiservice) component does not perform an...
Critical
Unreviewed
CVE-2024-3701 was published Apr 15, 2024
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe...
Moderate
Unreviewed
CVE-2024-30391 was published Apr 12, 2024
Windows Update Stack Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-26235 was published Apr 9, 2024
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart...
Moderate
Unreviewed
CVE-2023-25493 was published Apr 5, 2024
** DISPUTED ** A Missing Authentication for Critical Function issue affecting the HTTP service...
Moderate
Unreviewed
CVE-2023-6949 was published Apr 2, 2024
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service...
High
Unreviewed
CVE-2023-51571 was published Apr 2, 2024
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue...
Moderate
Unreviewed
CVE-2022-38057 was published Mar 25, 2024
An unauthenticated remote attacker can modify configurations to perform a remote code execution...
Critical
Unreviewed
CVE-2024-25995 was published Mar 12, 2024
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2024-2076 was published Mar 1, 2024
Vulnerability of missing authentication for critical functions in the Wi-Fi module. Successful...
Unknown
Unreviewed
CVE-2022-48621 was published Feb 18, 2024
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication...
High
Unreviewed
CVE-2023-40545 was published Feb 6, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Critical
Unreviewed
CVE-2024-23917 was published Feb 6, 2024
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote...
High
Unreviewed
CVE-2023-49115 was published Feb 2, 2024
The MachineSense application programmable interface (API) is improperly protected and can be...
Critical
Unreviewed
CVE-2023-49617 was published Feb 2, 2024
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense...
High
Unreviewed
CVE-2023-6221 was published Feb 2, 2024
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for...
Moderate
Unreviewed
CVE-2024-22449 was published Feb 1, 2024
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation...
High
Unreviewed
CVE-2023-6942 was published Jan 30, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An...
Critical
Unreviewed
CVE-2024-23618 was published Jan 26, 2024
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote...
Critical
Unreviewed
CVE-2023-51947 was published Jan 19, 2024
A missing authentication check in the WebSocket channel used for the Check Point IoT integration...
Moderate
Unreviewed
CVE-2023-5253 was published Jan 15, 2024
ProTip! Advisories are also available from the GraphQL API.