GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
The impacted products, when configured to use SSO, are affected by an improper authentication...
Critical
Unreviewed
CVE-2021-43935
was published
Dec 16, 2021
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication...
Critical
Unreviewed
CVE-2021-27453
was published
Dec 22, 2021
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any...
Critical
Unreviewed
CVE-2021-43985
was published
Dec 24, 2021
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-24047
was published
Feb 19, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0992
was published
Apr 20, 2022
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Critical
CVE-2016-5018
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
May 13, 2022
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical
Unreviewed
CVE-2019-3758
was published
May 24, 2022
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote...
Critical
Unreviewed
CVE-2020-10148
was published
May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new...
Critical
Unreviewed
CVE-2021-32967
was published
May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated...
Critical
Unreviewed
CVE-2021-41292
was published
May 24, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an...
Critical
Unreviewed
CVE-2021-36308
was published
May 24, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values...
Critical
Unreviewed
CVE-2021-26634
was published
Jun 3, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-35869
was published
Jul 26, 2022
Unauthorized access to Gateway user capabilities
Critical
Unreviewed
CVE-2022-27510
was published
Nov 9, 2022
Even if the authentication fails for local service authentication, the requested command could...
Critical
Unreviewed
CVE-2022-46732
was published
Jan 18, 2023
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in...
Critical
Unreviewed
CVE-2023-2027
was published
Apr 15, 2023
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2023-2499
was published
May 16, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2023-2704
was published
May 19, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2732
was published
May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2733
was published
May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2023-2734
was published
May 25, 2023
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication...
Critical
Unreviewed
CVE-2023-2781
was published
Jun 3, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2020-36713
was published
Jun 7, 2023
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical
Unreviewed
CVE-2020-36724
was published
Jun 7, 2023
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication...
Critical
Unreviewed
CVE-2023-2986
was published
Jun 8, 2023
ProTip!
Advisories are also available from the
GraphQL API