GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
47 advisories
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay...
Moderate. Unreviewed. CVE-2024-52534 was published Dec 25, 2024

Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate. CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024

An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack...
Moderate. Unreviewed. CVE-2024-39081 was published Sep 18, 2024

OPA for Windows has an SMB force-authentication vulnerability
Moderate. CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024

Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay...
Moderate. Unreviewed. CVE-2024-37016 was published Jul 15, 2024

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Moderate. Unreviewed. CVE-2024-5249 was published Jul 30, 2024

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay...
Moderate. Unreviewed. CVE-2023-36857 was published Oct 19, 2023

A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
Moderate. Unreviewed. CVE-2023-39373 was published Sep 3, 2023

An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via...
Moderate. Unreviewed. CVE-2023-34553 was published Jun 22, 2023

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request...
Moderate. Unreviewed. CVE-2023-33621 was published Jun 13, 2023

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful...
Moderate. Unreviewed. CVE-2020-14302 was published May 24, 2022

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock...
Moderate. Unreviewed. CVE-2020-9438 was published May 24, 2022

Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
Moderate. Unreviewed. CVE-2019-9158 was published May 24, 2022

Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and...
Moderate. Unreviewed. CVE-2019-5307 was published May 24, 2022

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door...
Moderate. Unreviewed. CVE-2023-33281 was published May 22, 2023

** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications)...
Moderate. Unreviewed. CVE-2020-24722 was published May 24, 2022

@workos-inc/authkit-nextjs session replay vulnerability
Moderate. CVE-2024-29901 was published for @workos-inc/authkit-nextjs (npm) Mar 29, 2024

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC...
Moderate. Unreviewed. CVE-2023-6374 was published Jan 30, 2024

The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical...
Moderate. Unreviewed. CVE-2023-50128 was published Jan 11, 2024

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4...
Moderate. Unreviewed. CVE-2023-45794 was published Nov 14, 2023

Authentication Bypass in hydra
Moderate. CVE-2020-5300 was published for github.com/ory/hydra (Go) May 27, 2021

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and...
Moderate. Unreviewed. CVE-2023-20123 was published Apr 5, 2023

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application...
Moderate. Unreviewed. CVE-2019-11334 was published May 24, 2022

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF...
Moderate. Unreviewed. CVE-2022-45914 was published Nov 27, 2022

GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit...
Moderate. Unreviewed. CVE-2020-15688 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API