GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires...
High
Unreviewed
CVE-2021-33017
was published
Dec 28, 2021
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service...
High
Unreviewed
CVE-2022-22189
was published
Apr 15, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster...
High
Unreviewed
CVE-2018-10841
was published
May 13, 2022
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to...
High
Unreviewed
CVE-2019-13526
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High
Unreviewed
CVE-2020-27865
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2020-27866
was published
May 24, 2022
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's...
High
Unreviewed
CVE-2021-35530
was published
Jun 8, 2022
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service...
High
Unreviewed
CVE-2022-2031
was published
Aug 26, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus...
High
Unreviewed
CVE-2022-47578
was published
Dec 20, 2022
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer...
High
Unreviewed
CVE-2023-31152
was published
May 10, 2023
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function...
High
Unreviewed
CVE-2022-47311
was published
May 23, 2023
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to,...
High
Unreviewed
CVE-2023-2546
was published
Jun 6, 2023
The iBoot device’s basic discovery protocol assists in initial device configuration. The...
High
Unreviewed
CVE-2022-47320
was published
Jul 6, 2023
kube-apiserver authentication bypass vulnerability
High
CVE-2023-1260
was published
for
github.com/openshift/apiserver-library-go
(Go)
Sep 24, 2023
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310...
High
Unreviewed
CVE-2023-42771
was published
Oct 3, 2023
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive...
High
Unreviewed
CVE-2023-46319
was published
Oct 23, 2023
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to...
High
Unreviewed
CVE-2023-43045
was published
Oct 23, 2023
Docker Authentication Bypass
High
CVE-2018-12608
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the...
High
Unreviewed
CVE-2024-26566
was published
Mar 7, 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login...
High
Unreviewed
CVE-2024-31814
was published
Apr 8, 2024
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over...
High
Unreviewed
CVE-2024-1646
was published
Apr 16, 2024
ProTip!
Advisories are also available from the
GraphQL API