GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,093
Composer 4,324
Erlang 31
GitHub Actions 21
Go 2,087
Maven 5,251
npm 3,751
NuGet 674
pip 3,437
Pub 12
RubyGems 892
Rust 881
Swift 37

Unreviewed advisories

All unreviewed 241,621

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

905 advisories

Filter by severity

Sort by

Least recently updated

Nedap Librix Ecoreader is missing authentication for critical functions that could allow an ... High Unreviewed

CVE-2024-12757 was published Jan 17, 2025

The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing... Critical Unreviewed

CVE-2025-0456 was published Jan 16, 2025

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver... High Unreviewed

CVE-2025-0355 was published Jan 15, 2025

An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000... Moderate Unreviewed

CVE-2024-39773 was published Jan 14, 2025

A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8... Critical Unreviewed

CVE-2024-39273 was published Jan 14, 2025

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8... Critical Unreviewed

CVE-2024-39608 was published Jan 14, 2025

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0... High Unreviewed

CVE-2024-35277 was published Jan 14, 2025

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some... Moderate Unreviewed

CVE-2024-13185 was published Jan 8, 2025

The health module has insufficient restrictions on loading URLs, which may lead to some... Moderate Unreviewed

CVE-2024-13173 was published Jan 8, 2025

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some... Moderate Unreviewed

CVE-2024-13186 was published Jan 8, 2025

Sensitive information disclosure due to missing authentication. The following products are... Moderate Unreviewed

CVE-2024-55538 was published Jan 2, 2025

In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP... Critical Unreviewed

CVE-2024-12106 was published Dec 31, 2024

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A... Critical Unreviewed

CVE-2024-21855 was published Dec 20, 2024

An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted... Critical Unreviewed

CVE-2024-54984 was published Dec 20, 2024

An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a... Critical Unreviewed

CVE-2024-54983 was published Dec 20, 2024

An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass... Critical Unreviewed

CVE-2024-54982 was published Dec 20, 2024

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This... Critical Unreviewed

CVE-2024-12371 was published Dec 18, 2024

Locally installed application can bypass the permission check and perform system operations that... High Unreviewed

CVE-2021-26280 was published Dec 17, 2024

Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops... Critical Unreviewed

CVE-2024-10205 was published Dec 17, 2024

When using special mode to connect to enterprise wifi, certain options are not properly... Moderate Unreviewed

CVE-2020-12484 was published Dec 17, 2024

The wifi module exposes the interface and has improper permission control, leaking sensitive... Moderate Unreviewed

CVE-2021-26278 was published Dec 17, 2024

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote... Critical Unreviewed

CVE-2024-11639 was published Dec 10, 2024

Lua apps can be deployed, removed, started, reloaded or stopped without authorization via... High Unreviewed

CVE-2024-10776 was published Dec 6, 2024

Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of... High Unreviewed

CVE-2024-10774 was published Dec 6, 2024

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a... High Unreviewed

CVE-2024-42456 was published Dec 4, 2024

Previous 1 2 3 4 5 … 36 37 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

905 advisories