GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
34 advisories
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of...
Critical | Unreviewed | CVE-2024-51504 was published Nov 7, 2024

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15...
Critical | Unreviewed | CVE-2024-23674 was published Feb 16, 2024

Mellium allows Authentication Bypass by Spoofing
Critical | CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7...
Critical | Unreviewed | CVE-2024-6678 was published Sep 12, 2024

python-jwt vulnerable to token forgery with new claims
Critical | CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022

Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry...
Critical | Unreviewed | CVE-2024-37082 was published Jul 3, 2024

Windows Kerberos Security Feature Bypass Vulnerability
Critical | Unreviewed | CVE-2024-20674 was published Jan 9, 2024

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication...
Critical | Unreviewed | CVE-2023-30803 was published Oct 10, 2023

Vulnerability of identity verification being bypassed in the Gallery module. Successful...
Critical | Unreviewed | CVE-2022-48513 was published Jul 6, 2023

An authentication bypass issue via spoofing was discovered in the token-based authentication...
Critical | Unreviewed | CVE-2023-22814 was published Jul 1, 2023

Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For...
Critical | Unreviewed | CVE-2021-25827 was published Jun 28, 2023

Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS...
Critical | Unreviewed | CVE-2023-2807 was published Jun 13, 2023

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This...
Critical | Unreviewed | CVE-2023-2887 was published May 25, 2023

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an...
Critical | Unreviewed | CVE-2023-3243 was published Jun 28, 2023

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote...
Critical | Unreviewed | CVE-2023-31424 was published Aug 31, 2023

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and...
Critical | Unreviewed | CVE-2023-51350 was published Jan 12, 2024

Vulnerability of identity verification being bypassed in the face unlock module. Successful...
Critical | Unreviewed | CVE-2023-5801 was published Nov 8, 2023

Grafana vulnerable to Authentication Bypass by Spoofing
Critical | CVE-2023-3128 was published for github.com/grafana/grafana (Go) Jun 22, 2023

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical | Unreviewed | CVE-2023-4178 was published Sep 5, 2023

Implementation trusts the "me" field returned by the authorization server without verifying it
Critical | GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of...
Critical | Unreviewed | CVE-2022-24112 was published Feb 12, 2022

In the case of instances where the SAML SSO authentication is enabled (non-default), session data...
Critical | Unreviewed | CVE-2022-23131 was published Jan 14, 2022

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by...
Critical | Unreviewed | CVE-2017-14487 was published May 13, 2022

Authentication Bypass in dex
Critical | CVE-2020-27847 was published for github.com/dexidp/dex (Go) Dec 20, 2021

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler...
Critical | Unreviewed | CVE-2017-14375 was published May 13, 2022