GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
954 advisories
Filter by severity
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A...
Critical
Unreviewed
CVE-2024-21855
was published
Dec 20, 2024
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This...
Critical
Unreviewed
CVE-2024-12371
was published
Dec 18, 2024
Locally installed application can bypass the permission check and perform system operations that...
High
Unreviewed
CVE-2021-26280
was published
Dec 17, 2024
Authentication Bypass
vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops...
Critical
Unreviewed
CVE-2024-10205
was published
Dec 17, 2024
The wifi module exposes the interface and has improper permission control, leaking sensitive...
Moderate
Unreviewed
CVE-2021-26278
was published
Dec 17, 2024
When using special mode to connect to enterprise wifi, certain options are not properly...
Moderate
Unreviewed
CVE-2020-12484
was published
Dec 17, 2024
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via...
High
Unreviewed
CVE-2024-10776
was published
Dec 6, 2024
Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of...
High
Unreviewed
CVE-2024-10774
was published
Dec 6, 2024
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a...
High
Unreviewed
CVE-2024-42456
was published
Dec 4, 2024
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting...
High
Unreviewed
CVE-2024-42455
was published
Dec 4, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate
CVE-2024-37303
was published
for
matrix-synapse
(pip)
Dec 3, 2024
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and...
High
Unreviewed
CVE-2024-50381
was published
Dec 2, 2024
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to...
High
Unreviewed
CVE-2024-53623
was published
Nov 30, 2024
Certain modes of in-vehicle routers from Billion Electric have a Missing Authentication...
Critical
Unreviewed
CVE-2024-11980
was published
Nov 29, 2024
Multiple FCNT Android devices provide the original security features such as "privacy mode" where...
Low
Unreviewed
CVE-2024-53701
was published
Nov 29, 2024
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an...
High
Unreviewed
CVE-2024-49052
was published
Nov 26, 2024
Missing Authentication for Critical Function vulnerability in OpenText™ AccuRev for LDAP...
Critical
Unreviewed
CVE-2019-17082
was published
Nov 26, 2024
Admin authentication can be bypassed with some specific invalid credentials, which allows logging...
Moderate
Unreviewed
CVE-2024-33616
was published
Nov 26, 2024
Improper control of framework service permissions with possibility of some sensitive device...
Moderate
Unreviewed
CVE-2020-12491
was published
Nov 25, 2024
Improper handling of WiFi information by framework services can allow certain malicious...
Low
Unreviewed
CVE-2020-12492
was published
Nov 25, 2024
The administrative interface listens by default on all interfaces on a TCP port and does not...
Critical
Unreviewed
CVE-2024-47138
was published
Nov 23, 2024
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This...
High
Unreviewed
CVE-2024-5721
was published
Nov 22, 2024
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This...
High
Unreviewed
CVE-2024-5718
was published
Nov 22, 2024
A missing authentication for critical function vulnerability has been reported to affect Notes...
Critical
Unreviewed
CVE-2024-38643
was published
Nov 22, 2024
Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows...
High
Unreviewed
CVE-2024-52438
was published
Nov 20, 2024
ProTip!
Advisories are also available from the
GraphQL API