GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,003
Composer 4,299
Erlang 31
GitHub Actions 21
Go 2,064
Maven 5,240
npm 3,744
NuGet 668
pip 3,424
Pub 12
RubyGems 892
Rust 877
Swift 36

Unreviewed advisories

All unreviewed 239,971

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

330 advisories

Filter by severity

Sort by

Least recently updated

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions,... High Unreviewed

CVE-2024-45844 was published Oct 16, 2024

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP... High Unreviewed

CVE-2024-5749 was published Oct 15, 2024

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to... High Unreviewed

CVE-2024-45276 was published Oct 15, 2024

The affected product lacks an authentication check when sending commands to the server via the... High Unreviewed

CVE-2024-9137 was published Oct 14, 2024

LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive... High Unreviewed

CVE-2024-48777 was published Oct 11, 2024

An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain... High Unreviewed

CVE-2024-48775 was published Oct 11, 2024

An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to... High Unreviewed

CVE-2024-48771 was published Oct 11, 2024

An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to... High Unreviewed

CVE-2024-48768 was published Oct 11, 2024

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the... High Unreviewed

CVE-2024-48773 was published Oct 11, 2024

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information... High Unreviewed

CVE-2024-48776 was published Oct 11, 2024

The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions... High Unreviewed

CVE-2024-9522 was published Oct 10, 2024

Missing authentication for critical function in Visual Studio Code extension for Arduino allows... High Unreviewed

CVE-2024-43488 was published Oct 8, 2024

Missing Authentication - User & System Configuration High Unreviewed

CVE-2024-47555 was published Oct 7, 2024

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user.... High Unreviewed

CVE-2024-39364 was published Sep 27, 2024

The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys... High Unreviewed

CVE-2024-47130 was published Sep 26, 2024

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up... High Unreviewed

CVE-2024-7781 was published Sep 26, 2024

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP... High Unreviewed

CVE-2024-8751 was published Sep 13, 2024

An authentication bypass weakness in the message broker service of Ivanti Workspace Control... High Unreviewed

CVE-2024-8012 was published Sep 10, 2024

Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and... High Unreviewed

CVE-2024-39300 was published Aug 30, 2024

The product exposes a service that is intended for local only to all network interfaces without... High Unreviewed

CVE-2024-7940 was published Aug 27, 2024

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00... High Unreviewed

CVE-2024-35124 was published Aug 13, 2024

Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed

CVE-2024-7007 was published Jul 25, 2024

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5... High Unreviewed

CVE-2024-39601 was published Jul 22, 2024

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL... High Unreviewed

CVE-2024-21146 was published Jul 17, 2024

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access... High Unreviewed

CVE-2024-37767 was published Jul 5, 2024

Previous 1 2 3 4 5 … 13 14 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

330 advisories