GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,516 advisories
Filter by severity
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to...
High
Unreviewed
CVE-2024-6576
was published
Jul 29, 2024
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi...
High
Unreviewed
CVE-2024-7050
was published
Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Remote command execution due to use of default passwords. The following products are affected:...
Critical
Unreviewed
CVE-2023-45249
was published
Jul 24, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution...
Critical
Unreviewed
CVE-2024-23471
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High
Unreviewed
CVE-2024-28992
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass...
High
Unreviewed
CVE-2024-23465
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote...
Critical
Unreviewed
CVE-2024-23470
was published
Jul 17, 2024
Skupper uses a static cookie secret for the openshift oauth-proxy
Moderate
CVE-2024-6535
was published
for
github.com/skupperproject/skupper
(Go)
Jul 17, 2024
The vulnerability could be remotely exploited to bypass authentication.
Critical
Unreviewed
CVE-2024-22442
was published
Jul 16, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received...
Moderate
Unreviewed
CVE-2024-39767
was published
Jul 15, 2024
Securepoint UTM before 12.6.5 mishandles OTP codes.
High
Unreviewed
CVE-2024-39340
was published
Jul 12, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Moderate
GHSA-gh9f-6xm2-c4j2
was published
for
surrealdb
(Rust)
Jul 11, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to...
Moderate
Unreviewed
CVE-2024-38433
was published
Jul 11, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-6397
was published
Jul 11, 2024
Sensitive information disclosure in NetScaler Console
Critical
Unreviewed
CVE-2024-6235
was published
Jul 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Moderate
Unreviewed
CVE-2024-38099
was published
Jul 9, 2024
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the...
Moderate
Unreviewed
CVE-2024-39723
was published
Jul 8, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate
Unreviewed
CVE-2024-1573
was published
Jul 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when...
High
Unreviewed
CVE-2024-39830
was published
Jul 3, 2024
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using...
High
Unreviewed
CVE-2024-3826
was published
Jul 2, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass...
High
Unreviewed
CVE-2024-34596
was published
Jul 2, 2024
ProTip!
Advisories are also available from the
GraphQL API