Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,516 advisories

Loading
pREST vulnerable to jwt bypass + sql injection Critical
GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) Jul 30, 2024
mihail8531
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to... High Unreviewed
CVE-2024-6576 was published Jul 29, 2024
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi... High Unreviewed
CVE-2024-7050 was published Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use Moderate
CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024
FabianTUW
Remote command execution due to use of default passwords. The following products are affected:... Critical Unreviewed
CVE-2023-45249 was published Jul 24, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space... Low Unreviewed
CVE-2024-41829 was published Jul 22, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2024-23471 was published Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... High Unreviewed
CVE-2024-28992 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass... High Unreviewed
CVE-2024-23465 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote... Critical Unreviewed
CVE-2024-23470 was published Jul 17, 2024
Skupper uses a static cookie secret for the openshift oauth-proxy Moderate
CVE-2024-6535 was published for github.com/skupperproject/skupper (Go) Jul 17, 2024
The vulnerability could be remotely exploited to bypass authentication. Critical Unreviewed
CVE-2024-22442 was published Jul 16, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received... Moderate Unreviewed
CVE-2024-39767 was published Jul 15, 2024
Securepoint UTM before 12.6.5 mishandles OTP codes. High Unreviewed
CVE-2024-39340 was published Jul 12, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User Moderate
GHSA-gh9f-6xm2-c4j2 was published for surrealdb (Rust) Jul 11, 2024
ericwhitefield
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-6397 was published Jul 11, 2024
Sensitive information disclosure in NetScaler Console Critical Unreviewed
CVE-2024-6235 was published Jul 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38099 was published Jul 9, 2024
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the... Moderate Unreviewed
CVE-2024-39723 was published Jul 8, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64... Moderate Unreviewed
CVE-2024-1573 was published Jul 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using... High Unreviewed
CVE-2024-3826 was published Jul 2, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass... High Unreviewed
CVE-2024-34596 was published Jul 2, 2024
ProTip! Advisories are also available from the GraphQL API