Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without... Critical Unreviewed
CVE-2024-36445 was published Aug 22, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel Critical Unreviewed
CVE-2024-38437 was published Jul 21, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an... Critical Unreviewed
CVE-2024-5910 was published Jul 10, 2024
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,... Critical Unreviewed
CVE-2024-6422 was published Jul 10, 2024
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs.... Critical Unreviewed
CVE-2023-41918 was published Jul 2, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway... Critical Unreviewed
CVE-2024-2013 was published Jun 11, 2024
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel... Critical Unreviewed
CVE-2024-32735 was published May 14, 2024
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-42121 was published May 3, 2024
Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-39457 was published May 3, 2024
A missing authentication for critical function vulnerability has been reported to affect... Critical Unreviewed
CVE-2024-32764 was published Apr 26, 2024
The system application (com.transsion.kolun.aiservice) component does not perform an... Critical Unreviewed
CVE-2024-3701 was published Apr 15, 2024
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda consideRatio
manics minrk krassowski dlqqq eddelbuettel
An unauthenticated remote attacker can modify configurations to perform a remote code execution... Critical Unreviewed
CVE-2024-25995 was published Mar 12, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible Critical Unreviewed
CVE-2024-23917 was published Feb 6, 2024
The MachineSense application programmable interface (API) is improperly protected and can be... Critical Unreviewed
CVE-2023-49617 was published Feb 2, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An... Critical Unreviewed
CVE-2024-23618 was published Jan 26, 2024
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote... Critical Unreviewed
CVE-2023-51947 was published Jan 19, 2024
The router console is accessible without authentication at "data" field, and while a user needs... Critical Unreviewed
CVE-2023-49255 was published Jan 12, 2024
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to... Critical Unreviewed
CVE-2023-51989 was published Jan 11, 2024
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to... Critical Unreviewed
CVE-2023-51987 was published Jan 11, 2024
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and... Critical Unreviewed
CVE-2023-29485 was published Dec 21, 2023
An authentication bypass vulnerability has been found in Repox, which allows a remote user to... Critical Unreviewed
CVE-2023-6718 was published Dec 13, 2023
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port... Critical Unreviewed
CVE-2023-49693 was published Nov 30, 2023
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet... Critical Unreviewed
CVE-2023-42770 was published Nov 21, 2023
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a... Critical Unreviewed
CVE-2023-47674 was published Nov 16, 2023
ProTip! Advisories are also available from the GraphQL API