GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,031
Composer 4,303
Erlang 31
GitHub Actions 21
Go 2,072
Maven 5,246
npm 3,744
NuGet 669
pip 3,430
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,693

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

320 advisories

Filter by severity

Sort by

Least recently updated

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server... Critical Unreviewed

CVE-2023-42793 was published Sep 19, 2023

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas... Critical Unreviewed

CVE-2023-4702 was published Sep 14, 2023

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An... Critical Unreviewed

CVE-2023-38028 was published Aug 28, 2023

SAP PowerDesigner - version 16.7, has improper access control which might allow an... Critical Unreviewed

CVE-2023-37483 was published Aug 8, 2023

Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11... Critical Unreviewed

CVE-2023-36669 was published Jul 18, 2023

AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to... Critical Unreviewed

CVE-2023-34335 was published Jul 6, 2023

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an... Critical Unreviewed

CVE-2023-30744 was published Jul 6, 2023

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated... Critical Unreviewed

CVE-2022-41629 was published Jul 6, 2023

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed

CVE-2023-2834 was published Jun 30, 2023

STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and... Critical Unreviewed

CVE-2023-35830 was published Jun 29, 2023

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be... Critical Unreviewed

CVE-2023-35854 was published Jun 20, 2023

A remote unprivileged attacker can modify and access configuration settings on the EventCam App... Critical Unreviewed

CVE-2023-31411 was published Jun 19, 2023

FINS (Factory Interface Network Service) is a message communication protocol, which is designed... Critical Unreviewed

CVE-2023-27396 was published Jun 19, 2023

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this... Critical Unreviewed

CVE-2023-30762 was published Jun 13, 2023

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication... Critical Unreviewed

CVE-2023-33553 was published Jun 7, 2023

The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed

CVE-2020-36724 was published Jun 7, 2023

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed

CVE-2020-36713 was published Jun 7, 2023

The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed

CVE-2023-2781 was published Jun 3, 2023

It is identified a vulnerability of insufficient authentication in the system configuration... Critical Unreviewed

CVE-2023-30604 was published Jun 2, 2023

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed

CVE-2023-2704 was published May 19, 2023

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could... Critical Unreviewed

CVE-2023-20126 was published May 4, 2023

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote... Critical Unreviewed

CVE-2023-28697 was published Apr 27, 2023

A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4... Critical Unreviewed

CVE-2023-2231 was published Apr 21, 2023

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1... Critical Unreviewed

CVE-2023-23451 was published Apr 20, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow... Critical Unreviewed

CVE-2023-29411 was published Apr 18, 2023

Previous 1 2 3 4 5 6 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

320 advisories