Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access... Moderate Unreviewed
CVE-2024-25036 was published Dec 3, 2024
The web server of affected devices do not properly authenticate user request to the '/ClientArea... Moderate Unreviewed
CVE-2024-46887 was published Oct 8, 2024
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive... Moderate Unreviewed
CVE-2024-35151 was published Aug 22, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics... Moderate Unreviewed
CVE-2024-5620 was published Jul 18, 2024
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
The affected product is vulnerable to an attacker modifying the bootloader by using custom... Moderate Unreviewed
CVE-2024-38279 was published Jun 13, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16... Moderate Unreviewed
CVE-2024-1525 was published Feb 22, 2024
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2023-20247 was published Nov 1, 2023
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring... Moderate Unreviewed
CVE-2023-39231 was published Oct 25, 2023
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2021-4353 was published Oct 20, 2023
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi... Moderate Unreviewed
CVE-2023-4957 was published Oct 11, 2023
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource... Moderate Unreviewed
CVE-2023-30946 was published Jun 29, 2023
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... Moderate Unreviewed
CVE-2021-4373 was published Jun 7, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass... Moderate Unreviewed
CVE-2022-36249 was published May 30, 2023
A vulnerability in the social login configuration option for the guest users of Cisco Business... Moderate Unreviewed
CVE-2023-20003 was published May 18, 2023
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be... Moderate Unreviewed
CVE-2022-40725 was published Apr 25, 2023
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series... Moderate Unreviewed
CVE-2023-20018 was published Jan 20, 2023
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service... Moderate Unreviewed
CVE-2022-23719 was published Jul 1, 2022
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry... Moderate Unreviewed
CVE-2022-23725 was published Jul 1, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2020-27863 was published May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2020-17409 was published May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... Moderate Unreviewed
CVE-2020-15633 was published May 24, 2022
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions... Moderate Unreviewed
CVE-2021-32958 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database