Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,572 advisories

Loading
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software,... Moderate Unreviewed
CVE-2019-1980 was published May 24, 2022
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower... High Unreviewed
CVE-2020-3410 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)... Critical Unreviewed
CVE-2019-16028 was published May 24, 2022
OpenStack Keystone Improper Authentication vulnerability Moderate
CVE-2013-1865 was published for keystone (pip) May 17, 2022
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local... High Unreviewed
CVE-2016-6434 was published May 17, 2022
OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend High
CVE-2014-2237 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.... Critical Unreviewed
CVE-2024-11680 was published Nov 26, 2024
An image with a version lower than the fuse version may potentially be booted lead to improper... High Unreviewed
CVE-2018-11952 was published Nov 26, 2024
Initial xbl_sec revision does not have all the debug policy features and critical checks. High Unreviewed
CVE-2016-10394 was published Nov 26, 2024
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager... Moderate Unreviewed
CVE-2024-11671 was published Nov 25, 2024
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An... Critical Unreviewed
CVE-2023-28461 was published Mar 16, 2023
Withdrawn Advisory: Lunary Improper Authentication vulnerability High
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024 withdrawn
vincelwt
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead... Moderate Unreviewed
CVE-2022-33862 was published Nov 25, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with... Critical Unreviewed
CVE-2024-7923 was published Sep 4, 2024
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC,... Moderate Unreviewed
CVE-2021-22764 was published May 24, 2022
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is... Moderate Unreviewed
CVE-2023-40660 was published Nov 6, 2023
The web application uses a weak authentication mechanism to verify that a request is coming from... Critical Unreviewed
CVE-2024-45369 was published Nov 23, 2024
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-6248 was published Nov 22, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024
Tu0Laj1 proddata
**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL... High Unreviewed
CVE-2024-11494 was published Nov 20, 2024
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers High
CVE-2009-0669 was published for ZODB3 (pip) May 2, 2022
anonymous4ACL24
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database