Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

190 advisories

Loading
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also... Critical Unreviewed
CVE-2023-43119 was published Oct 16, 2023
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed
CVE-2021-3833 was published May 24, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30309 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30311 was published Jun 14, 2022
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access... Critical Unreviewed
CVE-2024-45509 was published Sep 2, 2024
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability... Critical Unreviewed
CVE-2024-6202 was published Aug 6, 2024
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve... Critical Unreviewed
CVE-2024-6782 was published Aug 6, 2024
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed
CVE-2024-25652 was published Mar 14, 2024
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Critical Unreviewed
CVE-2023-24051 was published Dec 5, 2023
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of... Critical Unreviewed
CVE-2023-24052 was published Dec 5, 2023
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07... Critical Unreviewed
CVE-2023-36091 was published Jul 31, 2023
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not... Critical Unreviewed
CVE-2023-38389 was published Jun 21, 2024
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability.... Critical Unreviewed
CVE-2023-22518 was published Oct 31, 2023
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). Critical Unreviewed
CVE-2022-26501 was published Mar 18, 2022
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically... Critical Unreviewed
CVE-2024-1738 was published Apr 16, 2024
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a... Critical Unreviewed
CVE-2019-14237 was published May 24, 2022
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An... Critical Unreviewed
CVE-2023-34051 was published Oct 20, 2023
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an... Critical Unreviewed
CVE-2024-1740 was published Apr 10, 2024
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of... Critical Unreviewed
CVE-2017-9453 was published Sep 5, 2023
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and... Critical Unreviewed
CVE-2023-38035 was published Aug 21, 2023
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could... Critical Unreviewed
CVE-2023-32748 was published Aug 14, 2023
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a... Critical Unreviewed
CVE-2023-33468 was published Aug 9, 2023
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an... Critical Unreviewed
CVE-2023-36994 was published Jul 7, 2023
Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact... Critical Unreviewed
CVE-2022-44039 was published Jul 6, 2023
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the... Critical Unreviewed
CVE-2022-46080 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API