GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,318
Erlang: 31
GitHub Actions: 21
Go: 2,074
Maven: 5,000+
npm: 3,746
NuGet: 674
pip: 3,434
Pub: 12
RubyGems: 892
Rust: 880
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
336 advisories
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with...
Critical | Unreviewed | CVE-2019-9871 was published May 24, 2022
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote...
Critical | Unreviewed | CVE-2019-12890 was published May 24, 2022
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote...
Critical | Unreviewed | CVE-2019-13131 was published May 24, 2022
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for...
Critical | Unreviewed | CVE-2019-10119 was published May 24, 2022
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for...
Critical | Unreviewed | CVE-2019-10121 was published May 24, 2022
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a...
Critical | Unreviewed | CVE-2019-13983 was published May 24, 2022
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by...
Critical | Unreviewed | CVE-2019-16199 was published May 24, 2022
Victure PC530 devices allow unauthenticated TELNET access as root.
Critical | Unreviewed | CVE-2019-15940 was published May 24, 2022
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any...
Critical | Unreviewed | CVE-2019-15064 was published May 24, 2022
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow...
Critical | Unreviewed | CVE-2019-18465 was published May 24, 2022
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical | Unreviewed | CVE-2019-5644 was published May 24, 2022
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from...
Critical | Unreviewed | CVE-2020-6198 was published May 24, 2022
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP...
Critical | Unreviewed | CVE-2023-27497 was published Apr 11, 2023
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence...
Critical | Unreviewed | CVE-2022-41331 was published Apr 11, 2023
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow...
Critical | Unreviewed | CVE-2023-29411 was published Apr 18, 2023
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1...
Critical | Unreviewed | CVE-2023-23451 was published Apr 20, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical | Unreviewed | CVE-2023-2704 was published May 19, 2023
It is identified a vulnerability of insufficient authentication in the system configuration...
Critical | Unreviewed | CVE-2023-30604 was published Jun 2, 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication...
Critical | Unreviewed | CVE-2023-2781 was published Jun 3, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2020-36713 was published Jun 7, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2020-36724 was published Jun 7, 2023
FINS (Factory Interface Network Service) is a message communication protocol, which is designed...
Critical | Unreviewed | CVE-2023-27396 was published Jun 19, 2023
A remote unprivileged attacker can modify and access configuration settings on the EventCam App...
Critical | Unreviewed | CVE-2023-31411 was published Jun 19, 2023
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2023-2834 was published Jun 30, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated...
Critical | Unreviewed | CVE-2022-41629 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API.