GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
143 advisories
Filter by severity
In the development options section of the Settings app, there is a possible authentication bypass...
High
Unreviewed
CVE-2018-9477
was published
Nov 20, 2024
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by...
High
Unreviewed
CVE-2024-49595
was published
Nov 26, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against...
Low
Unreviewed
CVE-2024-36250
was published
Nov 9, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service...
High
Unreviewed
CVE-2024-22066
was published
Oct 29, 2024
A remote authentication bypass issue exists in some
OneView APIs.
Critical
Unreviewed
CVE-2023-30909
was published
Sep 14, 2023
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an...
Critical
Unreviewed
CVE-2023-49231
was published
Mar 29, 2024
Authentication Bypass by Capture-replay in Apache Spark
High
CVE-2021-38296
was published
for
org.apache.spark:spark-core
(Maven)
Mar 11, 2022
SaltStack Salt Authentication Bypass by Capture-replay
High
CVE-2022-22936
was published
for
salt
(pip)
Mar 30, 2022
Apache Linkis Authentication Bypass vulnerability
Critical
CVE-2023-27987
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High
CVE-2023-41890
was published
for
Kentor.AuthServices
(NuGet)
Sep 20, 2023
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
High
Unreviewed
CVE-2024-46041
was published
Oct 7, 2024
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack...
Moderate
Unreviewed
CVE-2024-39081
was published
Sep 18, 2024
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
Critical
CVE-2019-12887
was published
for
LinOTP
(pip)
May 24, 2022
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file...
High
Unreviewed
CVE-2024-38272
was published
Jun 26, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise...
High
Unreviewed
CVE-2024-29851
was published
May 23, 2024
django-mfa2 vulnerable to MFA Replay attack
High
CVE-2022-42731
was published
for
django-mfa2
(pip)
Oct 11, 2022
The session hijacking attack targets the application layer's control mechanism, which manages...
High
Unreviewed
CVE-2024-43099
was published
Sep 13, 2024
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has...
High
Unreviewed
CVE-2023-0035
was published
Jan 9, 2023
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an...
High
Unreviewed
CVE-2023-0036
was published
Jan 9, 2023
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the...
High
Unreviewed
CVE-2024-3982
was published
Aug 27, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and...
High
Unreviewed
CVE-2024-38890
was published
Aug 2, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay...
Moderate
Unreviewed
CVE-2024-37016
was published
Jul 15, 2024
ProTip!
Advisories are also available from the
GraphQL API