Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

299 advisories

Loading
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows... Critical Unreviewed
CVE-2024-51567 was published Oct 30, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an... Critical Unreviewed
CVE-2024-5910 was published Jul 10, 2024
Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier... Critical Unreviewed
CVE-2024-2921 was published Mar 26, 2024
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an... Critical Unreviewed
CVE-2024-47406 was published Oct 25, 2024
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page)... Critical Unreviewed
CVE-2022-31266 was published Jun 30, 2022
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation... Critical Unreviewed
CVE-2024-50489 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile... Critical Unreviewed
CVE-2024-50477 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API... Critical Unreviewed
CVE-2024-50487 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API... Critical Unreviewed
CVE-2024-50486 was published Oct 28, 2024
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web... Critical Unreviewed
CVE-2024-42017 was published Sep 30, 2024
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP... Critical Unreviewed
CVE-2022-29951 was published Jul 27, 2022
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The... Critical Unreviewed
CVE-2024-10386 was published Oct 25, 2024
An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2024-26519 was published Oct 23, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST... Critical Unreviewed
CVE-2024-49328 was published Oct 20, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple... Critical Unreviewed
CVE-2024-49604 was published Oct 20, 2024
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through... Critical Unreviewed
CVE-2024-47575 was published Oct 23, 2024
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of... Critical Unreviewed
CVE-2024-40087 was published Oct 21, 2024
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing... Critical Unreviewed
CVE-2024-45274 was published Oct 15, 2024
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality,... Critical Unreviewed
CVE-2024-9984 was published Oct 15, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated... Critical Unreviewed
CVE-2024-3777 was published Apr 15, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to... Critical Unreviewed
CVE-2023-5716 was published Jan 19, 2024
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9,... Critical Unreviewed
CVE-2024-9164 was published Oct 11, 2024
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-9289 was published Oct 1, 2024
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS... Critical Unreviewed
CVE-2024-41988 was published Oct 3, 2024
An unauthenticated remote attacker may use a missing authentication for critical function... Critical Unreviewed
CVE-2024-35293 was published Oct 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database