GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
271 advisories
Filter by severity
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access...
Critical
Unreviewed
CVE-2024-45509
was published
Sep 2, 2024
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x...
Critical
Unreviewed
CVE-2022-30311
was published
Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
Critical
Unreviewed
CVE-2022-30309
was published
Jun 14, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password...
Critical
Unreviewed
CVE-2021-3833
was published
May 24, 2022
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical
Unreviewed
CVE-2023-43119
was published
Oct 16, 2023
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical
Unreviewed
CVE-2024-46918
was published
Sep 16, 2024
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On...
Critical
Unreviewed
CVE-2024-6593
was published
Sep 25, 2024
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard...
Critical
Unreviewed
CVE-2024-6592
was published
Sep 25, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing...
Critical
Unreviewed
CVE-2023-40309
was published
Sep 15, 2023
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows...
Critical
Unreviewed
CVE-2024-8606
was published
Sep 23, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical
Unreviewed
CVE-2023-5009
was published
Sep 19, 2023
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect...
Critical
Unreviewed
CVE-2023-6036
was published
Feb 12, 2024
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers...
Critical
Unreviewed
CVE-2024-45160
was published
Oct 9, 2024
Vyper has incorrectly allocated named re-entrancy locks
Critical
CVE-2023-39363
was published
for
vyper
(pip)
Aug 9, 2023
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive...
Critical
Unreviewed
CVE-2024-48772
was published
Oct 11, 2024
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48787
was published
Oct 11, 2024
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-48769
was published
Oct 11, 2024
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48786
was published
Oct 11, 2024
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48784
was published
Oct 11, 2024
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote...
Critical
Unreviewed
CVE-2024-48778
was published
Oct 11, 2024
Improper Authentication vulnerability in Apache Solr
Critical
CVE-2024-45216
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
ProTip!
Advisories are also available from the
GraphQL API