GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
311 advisories
Filter by severity
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-9289
was published
Oct 1, 2024
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web...
Critical
Unreviewed
CVE-2024-42017
was published
Sep 30, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control....
Critical
Unreviewed
CVE-2024-46293
was published
Sep 30, 2024
Certain switch models from PLANET Technology lack proper access control in firmware upload and...
Critical
Unreviewed
CVE-2024-8456
was published
Sep 30, 2024
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform...
Critical
Unreviewed
CVE-2024-6981
was published
Sep 27, 2024
OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the...
Critical
Unreviewed
CVE-2024-8310
was published
Sep 27, 2024
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass...
Critical
Unreviewed
CVE-2024-8277
was published
Sep 11, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without...
Critical
Unreviewed
CVE-2024-36445
was published
Aug 22, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
Critical
Unreviewed
CVE-2024-38437
was published
Jul 21, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
Critical
Unreviewed
CVE-2024-5910
was published
Jul 10, 2024
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,...
Critical
Unreviewed
CVE-2024-6422
was published
Jul 10, 2024
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs....
Critical
Unreviewed
CVE-2023-41918
was published
Jul 2, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway...
Critical
Unreviewed
CVE-2024-2013
was published
Jun 11, 2024
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel...
Critical
Unreviewed
CVE-2024-32735
was published
May 14, 2024
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2023-42121
was published
May 3, 2024
Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2023-39457
was published
May 3, 2024
A missing authentication for critical function vulnerability has been reported to affect...
Critical
Unreviewed
CVE-2024-32764
was published
Apr 26, 2024
The system application (com.transsion.kolun.aiservice) component does not perform an...
Critical
Unreviewed
CVE-2024-3701
was published
Apr 15, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3777
was published
Apr 15, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical
Unreviewed
CVE-2023-1083
was published
Apr 9, 2024
Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier...
Critical
Unreviewed
CVE-2024-2921
was published
Mar 26, 2024
An unauthenticated remote attacker can modify configurations to perform a remote code execution...
Critical
Unreviewed
CVE-2024-25995
was published
Mar 12, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Critical
Unreviewed
CVE-2024-23917
was published
Feb 6, 2024
The MachineSense application programmable interface (API) is improperly protected and can be...
Critical
Unreviewed
CVE-2023-49617
was published
Feb 2, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An...
Critical
Unreviewed
CVE-2024-23618
was published
Jan 26, 2024
ProTip!
Advisories are also available from the
GraphQL API