Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,071
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

334 advisories

Loading
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete... Critical Unreviewed
CVE-2023-43271 was published Oct 9, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server... Critical Unreviewed
CVE-2023-42793 was published Sep 19, 2023
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas... Critical Unreviewed
CVE-2023-4702 was published Sep 14, 2023
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An... Critical Unreviewed
CVE-2023-38028 was published Aug 28, 2023
SAP PowerDesigner - version 16.7, has improper access control which might allow an... Critical Unreviewed
CVE-2023-37483 was published Aug 8, 2023
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11... Critical Unreviewed
CVE-2023-36669 was published Jul 18, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to... Critical Unreviewed
CVE-2023-34335 was published Jul 6, 2023
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an... Critical Unreviewed
CVE-2023-30744 was published Jul 6, 2023
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated... Critical Unreviewed
CVE-2022-41629 was published Jul 6, 2023
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2834 was published Jun 30, 2023
STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and... Critical Unreviewed
CVE-2023-35830 was published Jun 29, 2023
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be... Critical Unreviewed
CVE-2023-35854 was published Jun 20, 2023
A remote unprivileged attacker can modify and access configuration settings on the EventCam App... Critical Unreviewed
CVE-2023-31411 was published Jun 19, 2023
FINS (Factory Interface Network Service) is a message communication protocol, which is designed... Critical Unreviewed
CVE-2023-27396 was published Jun 19, 2023
Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this... Critical Unreviewed
CVE-2023-30762 was published Jun 13, 2023
An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication... Critical Unreviewed
CVE-2023-33553 was published Jun 7, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2020-36724 was published Jun 7, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2020-36713 was published Jun 7, 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed
CVE-2023-2781 was published Jun 3, 2023
It is identified a vulnerability of insufficient authentication in the system configuration... Critical Unreviewed
CVE-2023-30604 was published Jun 2, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2023-2704 was published May 19, 2023
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could... Critical Unreviewed
CVE-2023-20126 was published May 4, 2023
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote... Critical Unreviewed
CVE-2023-28697 was published Apr 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database