Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

363 advisories

Loading
The product exposes a service that is intended for local only to all network interfaces without... High Unreviewed
CVE-2024-7940 was published Aug 27, 2024
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00... High Unreviewed
CVE-2024-35124 was published Aug 13, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed
CVE-2024-7007 was published Jul 25, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5... High Unreviewed
CVE-2024-39601 was published Jul 22, 2024
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL... High Unreviewed
CVE-2024-21146 was published Jul 17, 2024
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access... High Unreviewed
CVE-2024-37767 was published Jul 5, 2024
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive... High Unreviewed
CVE-2024-31916 was published Jun 27, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Toshiba printers provides API without authentication for internal access. A local attacker can... High Unreviewed
CVE-2024-27169 was published Jun 14, 2024
Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability.... High Unreviewed
CVE-2024-5951 was published Jun 13, 2024
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import... High Unreviewed
CVE-2024-34800 was published Jun 10, 2024
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller... High Unreviewed
CVE-2024-32752 was published Jun 6, 2024
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the... High Unreviewed
CVE-2023-5935 was published May 15, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... High Unreviewed
CVE-2024-27942 was published May 14, 2024
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access... High Unreviewed
CVE-2022-32503 was published May 14, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an... High Unreviewed
CVE-2024-2860 was published May 8, 2024
By design, the DHCP protocol does not authenticate messages, including for example the classless... High Unreviewed
CVE-2024-3661 was published May 6, 2024
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure... High Unreviewed
CVE-2023-51587 was published May 3, 2024
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution... High Unreviewed
CVE-2023-50199 was published May 3, 2024
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network... High Unreviewed
CVE-2023-41183 was published May 3, 2024
D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-41187 was published May 3, 2024
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function... High Unreviewed
CVE-2023-38123 was published May 3, 2024
The devices allow access to an unprotected endpoint that allows MPFS file system binary image... High Unreviewed
CVE-2024-1491 was published Apr 19, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2024-21007 was published Apr 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database